[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default

UJ> I think it is not too difficult to write a tool that scans the IP
UJ> ranges of the big providers and roots every box it finds,
UJ> automatically. The problem here is not the individual bandwidth of the
UJ> machine, but the bandwidth of all the rooted boxes combined!

UJ> Imagine that: some script kiddie cracks 10 boxes, somewhere on the
UJ> internet. He installs that scanning software, sets each up to randomly
UJ> scan a couple of providers. He finds 1000 boxes and uses them for some
UJ> DDoS-attack. Just imagine: alle those boxes are ISDN. So he has 64
UJ> MBits to play with. But the Deutsche Telekom alone has approximately
UJ> 500k IPs, of which (just a wild guess) 400k are in use at all
UJ> times. So he likely finds more than 1000 open boxes. 10k? 100k?

Actually it was already done once! About a month ago or less there was
story about worm which scanned for unpathched RedHat boxes and cracked

| Ilya Martynov (http://martynov.org/)                                    |
| GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80  E4AE BE1A 53EB 323B DEE6 |
| AGAVA Software Company (http://www.agava.com/)                          |

Reply to: