Re: Security (was Re: My World) (General Discussion)
builderz, Aug 7, 2001, 5:01pm
Well, if someone wanted to launch a Distributed Denial of Service (DDoS) attack against your server and you told them you were running Windows NT and had a 1.2 mbps upstream connection to the Internet, they could then estimate how many other computers they would need to compromise to flood your connection with useless data and knock you off-line.

I don't know if you've ever heard of buffer overrun (also known as buffer overflow) errors, Agent, but those types of attacks exploit a flaw in unchecked buffers in either the OS itself or a running process/program and try to either crash the system or execute code. If a hoster listed the amount of RAM in their server(s), it would give a better general idea of how long it would take to accomplish this or even if it would be possible or not.

Intelligence gathering is key if you are a hacker. Generally, the more you know about something, the easier it is to hack into. I believe that most "true" malicious hackers have a goal or motivation to break into your system, instead of script kiddies doing port scans on the same IP address range your server is located on. It also depends on how much (or how little) information you reveal. Just saying that you use Windows versus a flavor of Unix could make a difference.

However, you are generally correct in saying that giving out your system specs shouldn't make you more vulnerable, Agent. Any system with any specs running any OS connected to the Internet has a chance of being compromised.

While I'm at it, let me bring up a good point, Agent. You said: "If you keep your OS and software updated you usually won't have a problem." Most people I know usually say that. However, have you seen how many servers have been infected with the Code Red worm (and its variants)? All of it could be prevented by a simple patch that was released almost a MONTH before the outbreak. One of the main problems is getting IT people to actually regularly patch and audit their systems the right way.
Builderz
Stuff-X - Bot & World Hosting Services
http://aw.stuff-x.com/
PGP Key ID: 0xAC0E7073 (for non-commercial use)