Swiki pollution...
Ned Konz
ned at bike-nomad.com
Mon Aug 26 23:37:55 UTC 2002
On Monday 26 August 2002 01:05 pm, Alain Fischer wrote:
> ip68-7-80-223.sd.sd.cox.net has locked
> http://minnow.cc.gatech.edu/squeak/1184
>
> In the last weeks I have tried to restore the swiki to keep our
> invaluable Squeak documentation. But now, I wasn't able to restore it.
>
> Perhaps a simple scheme that could possibly work in most cases is to
> have a list of IP addresses or ranges of addresses with editing
> capability disallowed.
> This seems to be a low cost solution. I know that it's easy to
> switch to another provider with other range of IP but the more work
> for the malicious one. After a few weeks, I think the swiki will be
> free of these bad boys.

I don't think this will work. For one thing,
ip68-7-80-223.sd.sd.cox.net was probably not the actual IP of the
locker/editor of the page.

$ sudo nmap 68.7.80.223
Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on ip68-7-80-223.sd.sd.cox.net (68.7.80.223):
(The 1542 ports scanned but not shown below are in state: closed)
Port State Service
25/tcp filtered smtp
80/tcp filtered http
111/tcp filtered sunrpc
119/tcp filtered nntp
135/tcp filtered loc-srv
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
27374/tcp filtered subseven
31337/tcp filtered Elite

In other words, this machine is a (probably cable connected) Win9x
machine that has been infected by the Sub7 (port 27374) and the Back
Orifice (port 31337) trojans. This machine and many similarly
infected machines can be used remotely (and easily, which is
important to the script kiddies) to attack other machines.

How will an IP-based protection scheme work when there are thousands
of IP addresses for each attacker to choose from?

--
Ned Konz
http://bike-nomad.com
GPG key ID: BEEA7EFE