[2350] in WWW Security List Archive


Re: Need a Security Consult

daemon@ATHENA.MIT.EDU (Todd_Nugent@mail.chapman.com)
Mon Jul 8 18:27:33 1996

From: Todd_Nugent@mail.chapman.com
To: www-security@ns2.rutgers.edu (WWW SECURITY)
Date: Mon, 08 Jul 1996 14:23:31 CDT
Errors-To: owner-www-security@ns2.rutgers.edu

Reply To: RE>>Need a Security Consultant (7/8/96 1:53 PM)
> I agree - you will be a *constant* target and they will *always* try to 
> get in - which makes the task of keeping the hackers at bay so difficult.
 
> Some hackers will spend *years* going after a corporation.

I can tell you this is true from a hacker I recently monitored who got into
one of our sacrificial servers outside our perimeter network.  He had a set
of scripts that he ran every night checking every possible IP address in a
set of corporate domains for most of the known unsecure versions of common
software.  It worked for him too.  After 12 nights of not getting into a
particular corporate network, they added a new machine which had NFS
running and this guy was in with an IP spoofing NFS attack.  It was an eye
opener for me that adding a non-hardened machine for a single night is not
just a risk, but a sure break-in!  And of course this person used tools
which left no traces in syslog, wtmp, etc. (He got in through our NCSA
httpd server... you don't have to say it.)

Todd
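
Added example, not part of the original message: a defender-side check for the nightly pattern described above, flagging any source that touches a large number of distinct addresses on several separate nights. The record layout, sample addresses and thresholds are assumptions, and the records are assumed to come from a collector outside the monitored hosts (for example a border router's connection log), since the post notes that host logs such as syslog and wtmp showed nothing.

```python
from collections import defaultdict
from datetime import datetime

def build_sample_log():
    """Constructed records (timestamp, source, destination, port); not real data."""
    log = []
    for night in range(1, 13):            # same source, 12 consecutive nights
        for host in range(1, 41):         # walks 40 addresses each night
            log.append((f"1996-06-{night:02d}T02:{host:02d}:00",
                        "198.51.100.7", f"192.0.2.{host}", 2049))
    for day in range(1, 13):              # ordinary daytime web client
        log.append((f"1996-06-{day:02d}T10:00:00",
                    "203.0.113.20", "192.0.2.10", 80))
    for host in range(1, 41):             # one-off sweep on a single night
        log.append(("1996-06-05T03:00:00",
                    "203.0.113.99", f"192.0.2.{host}", 111))
    return log

def recurring_sweepers(records, min_targets=20, min_nights=3):
    """Map each source to the dates on which it touched at least
    min_targets distinct addresses, keeping only sources that did so on
    at least min_nights dates. Assumes a sweep does not span midnight."""
    targets = defaultdict(set)            # (source, date) -> destinations
    for ts, src, dst, _port in records:
        targets[(src, datetime.fromisoformat(ts).date())].add(dst)
    nights = defaultdict(list)
    for (src, day), dsts in targets.items():
        if len(dsts) >= min_targets:
            nights[src].append(day)
    return {s: sorted(d) for s, d in nights.items() if len(d) >= min_nights}

if __name__ == "__main__":
    for src, days in recurring_sweepers(build_sample_log()).items():
        print(f"{src}: swept on {len(days)} nights, {days[0]} to {days[-1]}")
```

A source that shows up here on the third night gives warning well before the twelfth, which is the window in which a newly added machine would otherwise be found first by the scanner.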





