Re: Security (was Re: My World) (General Discussion)

Thread

Board Archives

	Bots
	Community
	General Discussion
	Sdk
	Wishlist
	Author Search

Site Features

	Citizens List
	Badges & Achievements
	Events Directory
	News and Articles
	Worlds List
	About Alphaworld
	Search Object Paths

Activeworlds Support

	Download Activeworlds
	Quickstart Tutorial

Historic Archives

	Truespace Archives
	Newsgroup Archives

Re: Security (was Re: My World) (General Discussion)

Re: Security (was Re: My World) // General Discussion

datedman

Aug 22, 2001, 12:35pm

Actually, it's not the IT people who are responsible for Code Red continuing to bash us for most of the month. I actually tried to contact some of the people who are infected. Turns out they are all clueless people running Personal Web Server who don't even have a default page where you can find out how to
contact them.

[View Quote] > Well, if someone wanted to launch a Distributed Denial of Service (DDoS)
> attack against your server and you told them you were running Windows NT
> and had a 1.2 mbps upstream connection to the Internet, they could then
> estimate how many other computers they would need to compromise to flood
> your connection with useless data and knock you off-line.
>
> I don't know if you've ever heard of buffer overrun (also known as
> buffer overflow) errors, Agent, but those types of attacks exploit a
> flaw in unchecked buffers in either the OS itself or a running
> process/program and try to either crash the system or execute code. If a
> hoster listed the amount of RAM in their server(s), it would give a
> better general idea of how long it would take to accomplish this or even
> if it would be possible or not. Intelligence gathering is key if you are
> a hacker. Generally, the more you know about something, the easier it is
> to hack into.
>
> I believe that most "true" malicious hackers have a goal or motivation
> to break into your system, instead of script kiddies doing port scans on
> the same IP address range your server is located on. It also depends on
> how much (or how little) information you reveal. Just saying that you
> use Windows verses a flavor of Unix could make a difference. However,
> you are generally correct in saying that giving out your system specs
> shouldn't make you more vulnerable, Agent. Any system with any specs
> running any OS connected to the Internet has a chance of it being
> compromised.
>
> While I'm at it, let me bring up a good point, Agent. You said: "If you
> keep your OS and software updated you usually won't have a problem."
> Most people I know usually say that. However, have you seen how many
> servers have been infected with the Code Red worm (and its variants)?
> All of it could be prevented by a simple patch that was released almost
> a MONTH before the outbreak. One of the main problems is getting IT
> people to actually regularly patch and audit their systems the right
> way.
>
> Builderz
> Stuff-X - Bot & World Hosting Services
> http://aw.stuff-x.com/
> PGP Key ID: 0xAC0E7073 (for non-commercial use)
>
[View Quote]

Awportals.com · ProLibraries Live · Twitter · LinkedIn