[NCLUG] Network configuration
R P Herrold
herrold at owlriver.com
Thu Oct 26 20:38:27 MDT 2000
On Thu, 26 Oct 2000, Sean Reifschneider wrote:
> On Thu, Oct 26, 2000 at 08:28:10AM -0400, R P Herrold wrote:
> > Often I cannot understand
> > how they were NOT cracked -- Open old named, open portmapper,
>
> The reason they weren't cracked was that the IP address space is
> fairly sparse.
Concur ... The more clever ones will target with a zone
transfer, but a random walk is just as likely to be
productive. A sensible one would exclude .gov and .mil, I
would think, to avoid well-resourced motivated adversaries
.. I run a klaxon recorder or two at a few sites ... It is
mildly humorous to watch them walk up a C class in sequential
fashion.
Occasionally I will trigger a shapshot for an hour with the
Shadow IDS, for more detailed post-processing.
More information about the NCLUG
mailing list