[Moderator: As I told Jason Storm, working on a server before
hand constitutes more than "one hour" of working on it. Just because
you don't do all of the hacking in one sitting doesn't mean the
time wasn't spent. I still say that hacking 300 servers, OR
doing what they did to 300 vhosts on a single server probably
took more than an hour. For those of you saying "who cares",
it is a matter of media being misleading or lying in order
to make the story more dramatic.]
Reply From: jason storm <swope@soundboy.waveconcepts.com>
> [Moderator: Unfortunately I replied without reading the entire
> article. :) Yes, you can change 300 vhosted sites in an hour.
> BUT, that brings up another mistake. Hacking a single server
> with 300 vhosts doesn't qualify as a "mass attack" in my eyes.]
In point of fact, hacking 300 servers in an hour is entirely feasable.
It would be a matter of scanning the servers before hand, say for bind and
qpopper vulnerablity, then simply running a perl script that went down a
list of servers, rooting each, executing a simple ftp command from each to
get a tar archive via ncftp from a anonymous server.
Once the archive was downloaded, the server could then be told to untar
the archive, perform a 'find / -name index.html', and selectively replace
each one with an altered version from the archive.
As mentioned, if the servers were trojaned before hand this would be no
challenge at all, and wouldnt really constitute a 'mass hack' in my eyes.
Btw, if this was posted two months ago, Id say it wasnt realistic. At the
moment however, with so many distrubutions requiring vital upgrades to
keep out even the most inept intruder, I consider this 300-hacks-per-hour
proposal to be feasable.
Anyone who claims such a scenario is beyond the skills of the media's
beloved "average hacker" is woefully out of touch with the nature of net
security as it stands.
Jason Storm
Admin, Negation Industries
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Jul 6 08:10:18 1998