Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

To: Ullrich Jans <ujans@ullisys.pond.sub.org>
Cc: debian-devel@lists.debian.org
Subject: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
From: Ilya Martynov <m_ilya@agava.com>
Date: 20 Apr 2001 15:53:55 +0400
Message-id: <[🔎] 87zodbss6k.fsf@juil.domain>
In-reply-to: <[🔎] ofblmovkjiz.fsf@ullisys.pond.sub.org>
References: <[🔎] 20010418171100.B8620@omega.resa.es> <[🔎] 20010418174912.C19507@hell.hell.pl> <[🔎] 20010419040932.I5361@omega.resa.es> <[🔎] 20010418233248.B1598@photino.sid.rice.edu> <[🔎] 20010419232808.A19601@studserv.stud.uni-hannover.de> <[🔎] ofblmovkjiz.fsf@ullisys.pond.sub.org>

UJ> I think it is not too difficult to write a tool that scans the IP
UJ> ranges of the big providers and roots every box it finds,
UJ> automatically. The problem here is not the individual bandwidth of the
UJ> machine, but the bandwidth of all the rooted boxes combined!

UJ> Imagine that: some script kiddie cracks 10 boxes, somewhere on the
UJ> internet. He installs that scanning software, sets each up to randomly
UJ> scan a couple of providers. He finds 1000 boxes and uses them for some
UJ> DDoS-attack. Just imagine: alle those boxes are ISDN. So he has 64
UJ> MBits to play with. But the Deutsche Telekom alone has approximately
UJ> 500k IPs, of which (just a wild guess) 400k are in use at all
UJ> times. So he likely finds more than 1000 open boxes. 10k? 100k?

Actually it was already done once! About a month ago or less there was
story about worm which scanned for unpathched RedHat boxes and cracked
those.

-- 
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Ilya Martynov (http://martynov.org/)                                    |
| GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80  E4AE BE1A 53EB 323B DEE6 |
| AGAVA Software Company (http://www.agava.com/)                          |
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Reply to:

References:
- ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: PiotR <piotr@omega.resa.es>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Miros/law `Jubal' Baran <baran@makabra.knm.org.pl>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: PiotR <piotr@omega.resa.es>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Rahul Jain <rahul@rice.edu>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Ingo Saitz <Ingo.Saitz@stud.uni-hannover.de>
- Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
  - From: Ullrich Jans <ujans@ullisys.pond.sub.org>

Prev by Date: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Next by Date: Re: codpieces of eight
Previous by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Next by thread: Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default
Index(es):
- Date
- Thread