Re: Security (was Re: My World) (General Discussion)

Re: Security (was Re: My World) // General Discussion

1  |  

builderz

Aug 7, 2001, 5:01pm
Well, if someone wanted to launch a Distributed Denial of Service (DDoS)
attack against your server and you told them you were running Windows NT
and had a 1.2 mbps upstream connection to the Internet, they could then
estimate how many other computers they would need to compromise to flood
your connection with useless data and knock you off-line.

I don't know if you've ever heard of buffer overrun (also known as
buffer overflow) errors, Agent, but those types of attacks exploit a
flaw in unchecked buffers in either the OS itself or a running
process/program and try to either crash the system or execute code. If a
hoster listed the amount of RAM in their server(s), it would give a
better general idea of how long it would take to accomplish this or even
if it would be possible or not. Intelligence gathering is key if you are
a hacker. Generally, the more you know about something, the easier it is
to hack into.

I believe that most "true" malicious hackers have a goal or motivation
to break into your system, instead of script kiddies doing port scans on
the same IP address range your server is located on. It also depends on
how much (or how little) information you reveal. Just saying that you
use Windows verses a flavor of Unix could make a difference. However,
you are generally correct in saying that giving out your system specs
shouldn't make you more vulnerable, Agent. Any system with any specs
running any OS connected to the Internet has a chance of it being
compromised.

While I'm at it, let me bring up a good point, Agent. You said: "If you
keep your OS and software updated you usually won't have a problem."
Most people I know usually say that. However, have you seen how many
servers have been infected with the Code Red worm (and its variants)?
All of it could be prevented by a simple patch that was released almost
a MONTH before the outbreak. One of the main problems is getting IT
people to actually regularly patch and audit their systems the right
way.

Builderz
Stuff-X - Bot & World Hosting Services
http://aw.stuff-x.com/
PGP Key ID: 0xAC0E7073 (for non-commercial use)

[View Quote]

1  |  
Awportals.com is a privately held community resource website dedicated to Active Worlds.
Copyright (c) Mark Randall 2006 - 2024. All Rights Reserved.
Awportals.com   ·   ProLibraries Live   ·   Twitter   ·   LinkedIn