What do net attackers look for?
Mike Oliver
moliver-fC0AHe2n+mcIvw5+aKnW+Pd9D2ou9A/h at public.gmane.org
Wed Feb 13 22:30:06 UTC 2008
Quoting Kristian Erik Hermansen <kristian.hermansen-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>:
> On Feb 13, 2008 1:52 PM, Mike Oliver <moliver-fC0AHe2n+mcIvw5+aKnW+Pd9D2ou9A/h at public.gmane.org> wrote:
>> I just set up an Ubuntu system and have been spending lots
>> of time configuring it. I put tight IP filtering in place
>> and looking at the logs shows lots of probing.
>>
>> It occurred to me to wonder, just what are they looking for?
>> Suppose, hypothetically, that an attacker had been able to guess
>> my password while I was setting it up, when I was trying to figure
>> out networking issues and briefly turned off ip6tables to see
>> if that was the problem. Would they be able to do anything,
>> given that I hadn't turned on sshd or telnetd or ftpd? (A "ps -ef | grep"
>> on ssh shows something called "ssh-client" or something like that,
>> but not sshd.)
>
> You probably want to go and read "Hacking Exposed" to find out the
> methodology hackers use to infiltrate systems :-)
I don't really want to know all the gory details. I'm mostly interested
in the answer to the direct question: If an attacker can guess your password
and your firewall is off, but you haven't turned on any of the obvious
daemons, what is the risk level?
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists