[ale] Thanks Asshole! help me test my script.... (URL)

Michael H. Warfield mhw at wittsend.com
Fri Apr 12 18:11:16 EDT 2002


On Fri, Apr 12, 2002 at 01:30:08PM -0400, tewkewl at mindspring.com wrote:
> Are you sure it was somebody on the list?  and what happened?  I mean,
	I've had a box get hammered the first 5 minutes it was on the
	wire before and nobody knew about it... I would hate to think a
	user on the list would screw with you unless it was a complete
	accident... Maybe I should back track through the thread...

	Your word wrap didn't...

	Let's see...  I monitor over 25,600 addresses for poking and
prodding.  What did we see...  Hmmm...  Last 48 hour report (04/10 and
04/11) showed 242580 unique probes (connection attempts) to port 80 within
that address space (that does NOT count duplicates, those are each unique
saddr:sport -> daddr:80).  On average, that's something somewhere between 9
and 10 connection attempts to port 80 on each of those 25,600 addresses.
And not a single solitary one of them was legit.  That makes for a mean
free half life of somewhere around 5 hours or so for a given address
getting slapped.

	You put something up like that, the odds are so stacked against
you it isn't even funny...  That's not even counting the shit storm that
takes place when one of those connections succeed.  You don't need to
announce it for the bad guys to find it.  To quote our own Brent Laminack,
"boot it and they will come".  In droves, I might add...

> -Patrick

> On Fri, 12 Apr 2002 11:19:23 -0400 (EDT) Ken Nagorski <kenn at pcintelligent.com> wrote:

> To however went in and deleted the one domain I asked not to have deleted
> thanks a lot retard... You must really be a super genius hacker! Oh, gee did
> you teach me a lesson about security? I think not blockhead - No you tought
> me that even morons sign up for linux user groups!

	OTOH...  Heinlein also said to never attribute to malice what
can be explained by simple stupidity.  Someone probably just clicked
on the wrong thing and ooopppsss...  Too late.  More about safety checks
and error checking than security...  If someone had wanted to embarrass
you, they could have don't much worse (like route your web server to some
bestiality site or something - you really DON'T want to be memorialized
on the AllDas defacement site.) than just deleting your domain.  Smells
like a screwup more than malice aforethought.

> Anyway - I took the webserver down so don't bother following the link, :(


> > Wow -I am a blockhead...
> >
> > http://www.refriedgeek.com
> >
> > Thanks
> > Ken
> >
> >> On Friday 12 April 2002 09:52 am, Ken Nagorski wrote:
> >>> Hi there,
> >>>
> >>> Check it out.
> >>
> >> Uhhh...check it out where?
> >>
> >> ---
> >> This message has been sent through the ALE general discussion list.
> >> See http://www.ale.org/mailing-lists.shtml for more info. Problems
> >> should be  sent to listmaster at ale dot org.
> >
> >
> >
> >
> > ---
> > This message has been sent through the ALE general discussion list. See
> > http://www.ale.org/mailing-lists.shtml for more info. Problems should
> > be  sent to listmaster at ale dot org.
> 
> 
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list