Re: Security (was Re: My World) (General Discussion)
Re: Security (was Re: My World) // General Discussion
Aug 8, 2001, 12:31am
Finally someone with some inteligence... I was about to give up trying to
get the poit accrost to him. Thanks....
;-)
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeremy Booker
JTech Web Systems
(www.JTechWebSystems.com -- Coming Soon)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[View Quote]"builderz" <sawran at yahoo.com> wrote in message
news:3B703976.8F86AF86 at yahoo.com...
> Well, if someone wanted to launch a Distributed Denial of Service (DDoS)
> attack against your server and you told them you were running Windows NT
> and had a 1.2 mbps upstream connection to the Internet, they could then
> estimate how many other computers they would need to compromise to flood
> your connection with useless data and knock you off-line.
>
> I don't know if you've ever heard of buffer overrun (also known as
> buffer overflow) errors, Agent, but those types of attacks exploit a
> flaw in unchecked buffers in either the OS itself or a running
> process/program and try to either crash the system or execute code. If a
> hoster listed the amount of RAM in their server(s), it would give a
> better general idea of how long it would take to accomplish this or even
> if it would be possible or not. Intelligence gathering is key if you are
> a hacker. Generally, the more you know about something, the easier it is
> to hack into.
>
> I believe that most "true" malicious hackers have a goal or motivation
> to break into your system, instead of script kiddies doing port scans on
> the same IP address range your server is located on. It also depends on
> how much (or how little) information you reveal. Just saying that you
> use Windows verses a flavor of Unix could make a difference. However,
> you are generally correct in saying that giving out your system specs
> shouldn't make you more vulnerable, Agent. Any system with any specs
> running any OS connected to the Internet has a chance of it being
> compromised.
>
> While I'm at it, let me bring up a good point, Agent. You said: "If you
> keep your OS and software updated you usually won't have a problem."
> Most people I know usually say that. However, have you seen how many
> servers have been infected with the Code Red worm (and its variants)?
> All of it could be prevented by a simple patch that was released almost
> a MONTH before the outbreak. One of the main problems is getting IT
> people to actually regularly patch and audit their systems the right
> way.
>
> Builderz
> Stuff-X - Bot & World Hosting Services
> http://aw.stuff-x.com/
> PGP Key ID: 0xAC0E7073 (for non-commercial use)
>
> agent1 wrote:
make you vulnerable. If you keep your OS and software updated you usually
won't have a problem. Also, how does giving out specifics like bandwidth,
processor speed, memory, etc. affect whether or not one can break in to your
machine?
|
|