
[support@backup.hmdc.harvard.edu: [hmdc.harvard.edu #4073] FYI: mon]



Some of you might find this one interesting. 

In a world where IT security sometimes means keeping services out of
sight, both Harvard and MIT advertise everything they have up and
running.

If I were a cracker running a DoS, I could use this information to
monitor the machines I knocked off the network. Additionally, this list
has all of the servers that both MIT and Harvard monitor in their data center.
The monitoring program being used is called mon. I use it and was
digging for info on the CGI interface that displays server info.

So, I thought I would warn them with this message:
-------------------------------------------------------------------------
FYI:

A Google search on mon brings up your CGI interface for mon.
http://www.google.com/search?q=mon+dns&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N

[see second page link line six]

Your mon program is accessible by the world.

With a current world wide population of 6.3 billion you are inviting an
attack.
http://www.populationmedia.org/

Please lock down access to the following host:
http://mon.hmdc.harvard.edu/mon.cgi?command=query_opstatus_full


Here is the reply:
----- Forwarded message from Matthew Cox via RT <support@backup.hmdc.harvard.edu> -----

X-RT-Loop-Prevention: hmdc.harvard.edu
Subject: [hmdc.harvard.edu #4073] FYI: mon 
Managed-BY: Request Tracker 2.0.13 (http://www.fsck.com/projects/rt/)
From: Matthew Cox via RT <support@backup.hmdc.harvard.edu>
RT-Ticket: hmdc.harvard.edu #4073
Reply-To: support@backup.hmdc.harvard.edu
RT-Originator: mcox@latte.harvard.edu
To: tknab2@washcoll.edu

> Your mon program is accessible by the world.

We do intend for it to be publicly available. It allows us to give in
depth status to our various patrons.

> With a current world wide population of 6.3 billion you are inviting
> an attack.

There is no information on that page that couldn't be garnered with a
quick Nmap scan.

Thank you for your concern.

Matt

-- 
Matthew P. Cox
Senior Systems Administrator / Systems Programmer
Harvard-MIT Data Center

----- End forwarded message -----

Ted Knab
Chester, Maryland
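The disagreement above is about whether an internet-facing mon status page is worth restricting. Whatever the policy decision, an operator should at least be able to see who is reading it; the script below, an added example that is not part of the original thread or of mon itself, scans web-server access logs (assumed to be in Apache combined format, with constructed sample lines and a hypothetical internal 10.0.0.0/8 range) and flags external clients that poll mon.cgi's status command repeatedly.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample access-log lines (Apache combined format); not real data
# from the thread. The internal client 10.0.5.12 is expected, the external
# 198.51.100.7 polls the status page once a minute.
SAMPLE_LOG = """\
10.0.5.12 - - [12/Aug/2003:10:01:02 -0400] "GET /mon.cgi?command=query_opstatus_full HTTP/1.1" 200 8123
198.51.100.7 - - [12/Aug/2003:10:01:10 -0400] "GET /mon.cgi?command=query_opstatus_full HTTP/1.1" 200 8123
198.51.100.7 - - [12/Aug/2003:10:02:10 -0400] "GET /mon.cgi?command=query_opstatus_full HTTP/1.1" 200 8123
198.51.100.7 - - [12/Aug/2003:10:03:10 -0400] "GET /mon.cgi?command=query_opstatus_full HTTP/1.1" 200 8123
203.0.113.4 - - [12/Aug/2003:10:04:00 -0400] "GET /index.html HTTP/1.1" 200 512
10.0.5.12 - - [12/Aug/2003:10:05:00 -0400] "GET /mon.cgi?command=query_opstatus_full HTTP/1.1" 200 8123
"""

# Hypothetical networks that are expected to read full operational status.
ALLOWED_NETS = ["10.0.0.0/8"]

# Client IP is the first field; match mon.cgi status queries (summary or full).
MON_QUERY = re.compile(
    r'^(\S+) .*?"GET /mon\.cgi\?command=query_opstatus(?:_full)?[^"]*"'
)


def external_mon_pollers(log_text, allowed=ALLOWED_NETS, threshold=2):
    """Return {client_ip: hit_count} for clients outside the allowed networks
    that fetched mon's status page at least `threshold` times."""
    nets = [ip_network(n) for n in allowed]
    hits = Counter()
    for line in log_text.splitlines():
        m = MON_QUERY.match(line)
        if not m:
            continue
        ip = ip_address(m.group(1))
        if not any(ip in net for net in nets):
            hits[str(ip)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in external_mon_pollers(SAMPLE_LOG).items():
        print(f"external client {ip} polled mon status {n} times")
```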
