
| Subject: | RE: application for an employment |
|---|---|
| Date: | Thu, 30 Mar 2006 15:29:30 -0800 |
-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq@planetcobalt.net]
Sent: Thursday, March 30, 2006 10:35 AM
To: security-basics@securityfocus.com
Subject: Re: application for an employment

> On 2006-03-30 David Gillett wrote:
> > > The legitimate reason you have is the simple fact that you don't have
> > > any other option of determining what services are available on a given
> > > host or range of hosts.
> >
> > Yes you do.
>
> No, I don't. There are some exceptions, where I don't have to, but in
> general there is no way of finding out other than actually connecting to
> the service.
>
> > Suppose you want to send me an email. By your argument, your only
> > option is to scan our whole address block(s!) looking for machines that
> > will answer on port 25. Bzzzt! WRONG! Do a DNS lookup for the MX
> > records for our domain.
>
> So, how do I do a DNS lookup without somehow accessing port 53/udp of a
> DNS server that I do not own? How do I get permission to do that?
You don't. You send your DNS query to a server you *do* have permission to access, and it queries servers that *it* has permission to, and so on. By registering our domain, we've given the root servers permission to refer queries *about our domain* to the servers we've registered.
> > Suppose you want to register online to take courses here. By your
> > argument, your only option is to scan our address space for hosts that
> > answer on ports 80 and 443. Bzzzt! WRONG! Point your browser at the
> > college homepage (you could Google for it) and follow the links to
> > "Registration".
>
> So, how does Google get the address of your webserver? Or permission to
> access/index it? How do I get permission to access Google? And how does a
> listing of $something in Google give me the permission to access it?
AFAIK, Google still supports a mechanism for telling them about specific pages to be indexed. And their spider plays by the robots.txt rules, which your port scanner probably does not.
> > Suppose you want to compromise one of our hosts to set up a warez
> > server. By your argument, your only option is to scan our address space
> > looking for a host running a service for which you have an exploit
> > available. Uh, wait. You just lost the qualifier "legitimate".
>
> I was by no means talking about exploits. In fact I expressly stated that
> one may be held liable when breaking something (which you obviously chose
> to ignore for whatever reason).
Oh, okay, let's exclude all non-legitimate examples. Then give me a legitimate one, please, that I *can't* knock down.
> > If I want you to be able to use a service X on host Y, I will find
> > some way to advertise that service. If I don't advertise the service,
> > it may be something that I don't even know is there -- perhaps
> > installed silently by the OS or some legitimate application, or perhaps
> > by some cracker. In neither case is there a presumption that I'm
> > inviting you to use it, if only you can find it.
>
> That's ridiculous and you know it. The Internet does not have
> advertisement mechanisms for services. The network is public and so is
> every service on it. It was your decision to put the box into a public
> network and there are ways to know what services it provides (and to
> disable those services you don't want to provide). I cannot know if you
> made a service available on purpose, and I do not have to assume that you
> didn't. If I had to, the Internet would have to be shut down right this
> second.
I've already listed two "advertising" mechanisms, without going into silly proprietary endeavors like SLP.
> Bottom line: If you don't want your property trespassed, don't put it
> into public places.
Our data center is not, by any stretch, a public place. By your analogy, my lawn becomes a public parking lot because a driveway connects it to the street. Once again, "Bzzzt! Wrong."
> Regards
> Ansgar Wiechers
> --
> "All vulnerabilities deserve a public fear period prior to patches
> becoming available." --Jason Coombs on Bugtraq
David Gillett
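As an added example that is not part of the thread: a toy Python model of the delegation chain David describes, where a resolver starts from its root hints and only ever contacts the name servers each hop refers it to. Every server name, zone and the domain example.edu are constructed for illustration; nothing on the network is touched.

```python
# Added example, not from the mailing-list thread. Models DNS delegation:
# the resolver never "scans" for an authoritative server; it follows the
# referrals that domain registration put in place. All data is constructed.
from dataclasses import dataclass, field


@dataclass
class Server:
    name: str
    # records this server is authoritative for: (owner, type) -> values
    records: dict = field(default_factory=dict)
    # zones this server delegates: zone -> name servers it refers you to
    delegations: dict = field(default_factory=dict)

    def query(self, qname, qtype):
        """Answer if authoritative, else refer to the most specific delegation."""
        if (qname, qtype) in self.records:
            return "answer", self.records[(qname, qtype)]
        labels = qname.split(".")
        for i in range(len(labels)):          # example.edu, then edu
            zone = ".".join(labels[i:])
            if zone in self.delegations:
                return "referral", self.delegations[zone]
        return "nxdomain", []


def resolve(internet, root_name, qname, qtype, max_hops=8):
    """Iteratively follow referrals from the root.

    Returns (answer values, list of servers actually queried), so the caller
    can see that only delegated servers were contacted.
    """
    current, path = root_name, []
    for _ in range(max_hops):
        path.append(current)
        kind, data = internet[current].query(qname, qtype)
        if kind == "answer":
            return data, path
        if kind == "referral":
            current = data[0]                 # first listed name server
            continue
        return [], path                       # nobody is authoritative
    raise RuntimeError("referral loop exceeded max_hops")


# Constructed "Internet": root -> .edu servers -> the registered zone servers.
INTERNET = {s.name: s for s in [
    Server("root", delegations={"edu": ["a.edu-servers.example"]}),
    Server("a.edu-servers.example", delegations={"example.edu": ["ns1.example.edu"]}),
    Server("ns1.example.edu", records={
        ("example.edu", "MX"): ["10 mail.example.edu"],
        ("mail.example.edu", "A"): ["192.0.2.25"],   # RFC 5737 test address
    }),
]}
```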