Re: Need a Security Consult

• To: www-security@ns2.rutgers.edu (WWW SECURITY)
• Subject: Re: Need a Security Consult
• From: Todd_Nugent@mail.chapman.com
• Date: Mon, 08 Jul 1996 14:23:31 CDT
• Organization: Chapman and Cutler

                Reply
                To:     RE>>Need a Security Consultant              7/8/96
                                                                    1:53 PM
> I agree - you will be a *constant* target and they will *always* try to 
> get in - which makes the task of keeping the hackers at bay so difficult.
 
> Some hackers will spend *years* going after a corporation.

I can tell you this is true from a hacker I recently monitored who got into
one of our sacrificial servers outside our perimeter network.  He had a set
of scripts that he ran every night checking every possible ip address in a
set of corporate domains for most of the known unsecure versions of common
software.  It worked for him too.  After 12 nights of not getting into a
particular corporate network, they added a new machine which had NFS
running and this guy was in with an IP spoofing NFS attack.  It was an eye
opener for me that adding a non-hardened machine for a single night is not
just a risk, but a sure breakin!  And of course this person used tools
which left no traces in syslog, wtmp, etc. (He got in through our NCSA
httpd server....you don't have to say it.)

Todd

• Re: Need a Security Consult
• From: efrank@ncsa.uiuc.edu (Beth Frank)
• Re: Need a Security Consult
• From: Ng Pheng Siong <ngps@pacific.net.sg>

• Previous: Re: COMMENT: Cookie dough (fwd)
• Next: Web-to-database interfaces?
• Index(es):
  • Index
  • Thread