New Poor quality of Crackers these days
I just got cable internet recently, so I'm playing around with web services on my Linux computer (SuSE). While I'm in the learning period on this, I've started out with max paranoia mode on. Besides the firewall that my router provides (which I've tuned up some), I'm also using iptables to fine tune my security measures. I've locked down any mod in Apache that I'm not currently using (currently I'm only serving up straight pages with some clientside javascript, so I don't need a lot). This being said, I'm no less secure than most people serving up web pages.

Looking at my Apache logs, I've found several attempts to attack my server from several different IPs. But despite the different sources, they all appear to follow one of two pre-scripted patterns. The first seems to be a buffer overflow attack. The second just a sequence of probes looking for Windows vulnerabilities. This attack consists of 16 GETs trying to access either root.exe or cmd.exe. It is always the same sequence, and always earns the cracker wannabe at the other end a sequence of 400 and 404 error codes from my Linux box.

Now to the point. <rant>We have all these crackers in the world trying to prove they're something special, and they're using pre-made scripts. It seems stupid to me to try and prove you're *elite* by using somebody else's assembly-line script. What's happened to all the innovation these days? Windows has even siphoned out the need for innovation in crackers, because they're obviously so easy to crack. This may seem like a stupid thing to rant about, but it struck me as strange, that there are so many hack attempts out there and they all seem the same; they're all scripted wastes of time. Do these kids have nothing better to do than put their binary fingerprints all over every server on the 'net?</rant>
~~~)-Steven----

"I want you to remember that no bastard ever won a war by dying for his country.
He won it by making the other poor dumb bastard die for his country..."

General George S. Patton
New The GETs are most likely a worm, not a human cracker.
I can't recall which one offhand--Code Red? IIRC I get them all the time.

HTH
---------------------------------
Many fears are born of stupidity and ignorance -
Which you should be feeding with rumour and generalisation.
BOfH, 2002 "Episode" 10
New Some responses
We have all these crackers in the world trying to prove they're something special, and they're using pre-made scripts.

Yup. Pretty sad.

It seems stupid to me to try and prove you're *elite* by using somebody else's assembly-line script.

Not when "elite" is measured in number of boxes oVVn3d.

What's happened to all the innovation these days? Windows has even siphoned out the need for innovation in crackers, because they're obviously so easy to crack.

Answered your own question there.

This may seem like a stupid thing to rant about, but it struck me as strange, that there are so many hack attempts out there and they all seem the same; they're all scripted wastes of time.

If they capture a box, they're not a waste of time. And it's not the skript-kiddie's time being wasted so what does he care?

Do these kids have nothing better to do than put their binary fingerprints all over every server on the 'net?

Umm ... no.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
New OT: l33t sp33k update.
It's no longer o\/\/n3d - it's now p\/\/n3d.

And no, don't ask me:

a) why

or

b) how I know this.

The SAN loss was horrific enough - I don't want to go through it again.
InThane - Now running Ashton rev 2.0
New Worms, not crackers.
I see them, too. One of them is Nimda, the other is Code Red. Most of them seem to come from the email variant because if you try to connect back, you don't find a server.

Crackers are the ones who show up in your iptables logs trying all your IP addresses. You may not see that, but I have a small address block and see them trying FTP and other things on all of the IP addresses.

Wade.

"All around me are nothing but fakes
Come with me on the biggest fake of all!"
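
Added example (not part of any post in this thread): a short Python pass over Apache access-log lines that groups the two scripted patterns discussed above by source address and records which status codes they earned. The log lines are constructed, and treating the "buffer overflow" requests as very long `.ida` queries is an assumption, since the thread does not quote them.

```python
import re
from collections import defaultdict

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) \S+')
# The root.exe / cmd.exe GETs described in the first post
SHELL_RE = re.compile(r"/(?:root|cmd)\.exe(?:\?|$)", re.I)
# Assumption: the overflow attempt shows up as a very long .ida query string
IDA_RE = re.compile(r"\.ida\?.{100,}", re.I)

def classify(request):
    """Return 'shell-probe', 'ida-overflow' or None for one request line."""
    parts = request.split(" ")
    if len(parts) < 2:          # Apache logs "-" for unparseable requests
        return None
    url = parts[1]
    if SHELL_RE.search(url):
        return "shell-probe"
    if IDA_RE.search(url):
        return "ida-overflow"
    return None

def summarize(lines):
    """Group scripted probes by source address with counts and statuses."""
    report = defaultdict(lambda: {"shell-probe": 0, "ida-overflow": 0,
                                  "statuses": set(), "served": False})
    for line in lines:
        m = LOG_RE.match(line)
        kind = classify(m.group(2)) if m else None
        if kind is None:
            continue
        entry = report[m.group(1)]
        status = int(m.group(3))
        entry[kind] += 1
        entry["statuses"].add(status)
        if status < 400:        # a probe that was not refused needs a look
            entry["served"] = True
    return dict(report)

# Constructed sample lines using documentation addresses, not real log data
TS = "[10/Oct/2002:13:55:36 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /index.html HTTP/1.1" 200 1043',
    f'203.0.113.5 - - {TS} "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    f'203.0.113.5 - - {TS} "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    f'203.0.113.5 - - {TS} "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 283',
    f'198.51.100.7 - - {TS} "GET /default.ida?{"N" * 120} HTTP/1.0" 404 276',
]
```

A source whose entry has `served` set to False only ever received 4xx/5xx answers, which is the outcome the first post describes on a Linux/Apache box.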

New So the problem I'm seeing
is due more to inattentive server administrators (probably home users with little knowledge of the threat). OK, I can see that. As far as finding port probes, any ports except 80 (or open connections from my accessing the internet) are being dropped at my router before they can even get to my iptables, so I don't see a lot of that info.
~~~)-Steven----

"I want you to remember that no bastard ever won a war by dying for his country.
He won it by making the other poor dumb bastard die for his country..."

General George S. Patton