RE: Trying sec on your own little box !

From: leon (leon@inyc.com)
Date: 11/29/01


From: "leon" <leon@inyc.com>
To: "'marcus'" <mlandahl@tiscali.se>, <security-basics@securityfocus.com>
Subject: RE: Trying sec on your own little box !
Date: Wed, 28 Nov 2001 20:59:50 -0500
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA+8DoZCJ8SEaYk5pn4rrIf8KAAAAQAAAAkoVQr7UjUkGRG/7+pADxFAEAAAAA@inyc.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Here are my thoughts:

First off you have absolutely NO BUSINESS running exploits on random
ip addys (please don't let this tangent into the old is portscanning
legal vs illegal holy war, fact of the matter is he has tried a
working exploit on a random ip, think if it was you). Secondly I
would suggest if you want to learn to about security why don't you
set up a test network for yourself. Further and finally are you sure
the exploit works? I am betting you didn't code it yourself and
unless you can read code I bet you really don't know much about it,
how it works or if it is broken. Just because the thing compiles
doesn't really mean that it will do what you (assume / expect???) it
to do.

HTH and don't attack random ip address' that is not a very neighborly
thing.

Len

- -----Original Message-----
From: marcus [mailto:mlandahl@tiscali.se]
Sent: Tuesday, November 27, 2001 4:08 AM
To: security-basics@securityfocus.com
Subject: Trying sec on your own little box !

Hello !

My first msg to this list !

I wanto improve the security of my linux slackware 7.0 box!
I have an exploit that should work for my ftp service, but when I run
it on
localhost or 127.0.0.1 nothing happens. If I run it on a random IP
wich
probably doesn't have the same service or even linux it acts
differentelly.

So..... ???

/I really should come up with a nifty nick !

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPAWWj9qAgf0xoaEuEQICOQCguLPIJK+pS7XadbmFgf7hk3XCxuoAn0zT
ivGe6f6aozx8L5EnlwwXkhdG
=gM43
-----END PGP SIGNATURE-----



Relevant Pages

  • Re: Trying sec on your own little box !
    ... Attacking any box that does not belong to you ... > would suggest if you want to learn to about security why don't you ... > I wanto improve the security of my linux slackware 7.0 box! ... > I have an exploit that should work for my ftp service, ...
    (Security-Basics)
  • Trying sec on your own little box !
    ... I wanto improve the security of my linux slackware 7.0 box! ... I have an exploit that should work for my ftp service, but when I run it on ...
    (Security-Basics)
  • Re: FTP...
    ... Hello Jacky, thank you for your information but this is what I did and it didn't have any effect. ... I had to restart the FTP service for it to take effect. ... Russ, agreed with your comments, its an Audit issue, Auditors / Inspectors must see a particular folder Folder / file list, time file created and accessed are all very important. ... In addition,I suggest the following steps for security purpose. ...
    (microsoft.public.windows.server.sbs)
  • Re: Trying sec on your own little box !
    ... > I wanto improve the security of my linux slackware 7.0 box! ... > I have an exploit that should work for my ftp service, but when I run it on ... please refrain from targeting random Internet hosts. ...
    (Security-Basics)
  • Re: **Secure** Ftp server
    ... > I suppose that the security of the server is related with the intrinsic ... Pick a FTP Service that has a proven track record and shows little or ... your router/firewall logs, check for new folders with strange names, ... then block as many foreign subnets at the firewall as you can. ...
    (comp.security.misc)