Not as secure as you'd like to think


I run a private FTP on my server (one of my server's functions). Basically, I keep a running log for roughly a week.

Well, when I get bored, I go through my logs and check IP addys and whatnot and see if I see any unrecognized ones. Granted, I have a dynamic IP addy, so maybe some of these people hitting me are just lost users looking for the old owner of this IP.

So what I like to do is fire up a program I have and try to do a null session connection to these people and see what info I can dig up (I mostly do this out of boredom, I've actually never done it to try and actually gain access to a computer {at least one that wasn't my own}).

Typically, most cases result in a cannot connect, or access is denied. That's good. At least these people have some sort of security (either secured through a firewall or NAT or properly secured OS).

But then there's the occasional person who is wide open to attacks. And today, I got the worst one I'd ever seen.

A LITTLE EXCERPT FROM THIS ONE MACHINE:

total 20 user accounts, 1 workstation accounts, 1 server accounts, 0 domain trust accounts and 5 unsecure passwords!

Now when I scanned and brute forced them (just a tiny dictionary attack), I used a measly little dictionary file of 30 words. This took roughly 7 minutes total to do and in exchange for that time, well, you can see what I got. Luckily for them, I'm nice enough to track down their email addy and send a notice to their admin about this.

That's just sad though.

I suggest to those of you who don't have ports 135-139 secured (NetBIOS) to google RestrictAnonymous, and Null Session.

There are also other fun ports which you should lock down. Go check out some security sites for more info.

Edited by ToastGodSupreme
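
For anyone following up on the RestrictAnonymous / null session pointer in the post above, here is a read-only audit of the Windows registry values that govern anonymous access. It is an added example, not part of the original post; the registry keys and value names are Windows' own, while the function name `Get-NullSessionAudit` and the OK/REVIEW/NOT SET labels are made up for illustration.

```powershell
# Added example: report the local settings that control anonymous (null session)
# access over SMB/NetBIOS. Read-only; nothing is changed on the machine.
function Get-NullSessionAudit {   # hypothetical helper name
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Each check: registry key, value name, and a test for the restrictive setting.
    $checks = @(
        @{ Path = $lsa; Name = 'RestrictAnonymous';         Ok = { param($v) $v -ge 1 } },
        @{ Path = $lsa; Name = 'RestrictAnonymousSAM';      Ok = { param($v) $v -eq 1 } },
        @{ Path = $lsa; Name = 'EveryoneIncludesAnonymous'; Ok = { param($v) $v -eq 0 } },
        @{ Path = $srv; Name = 'RestrictNullSessAccess';    Ok = { param($v) $v -eq 1 } },
        # Multi-string lists: restrictive means no non-empty entries.
        @{ Path = $srv; Name = 'NullSessionShares';         Ok = { param($v) -not ($v | Where-Object { $_ }) } },
        @{ Path = $srv; Name = 'NullSessionPipes';          Ok = { param($v) -not ($v | Where-Object { $_ }) } }
    )

    foreach ($c in $checks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if (-not $item) {
            # Value absent: the OS default applies, which differs by Windows version,
            # so flag it for a manual look instead of guessing.
            $value  = $null
            $status = 'NOT SET'
        } else {
            $value  = $item.($c.Name)
            $status = if (& $c.Ok $value) { 'OK' } else { 'REVIEW' }
        }
        [pscustomobject]@{
            Setting = $c.Name
            Value   = ($value -join ', ')
            Status  = $status
        }
    }
}

Get-NullSessionAudit | Format-Table -AutoSize
```

Rows marked REVIEW or NOT SET are the ones to compare against your hardening baseline; blocking ports 135-139 at the firewall or NAT remains a separate control.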
Luckily for them, I'm nice enough to track down their email addy and send a notice to their admin about this (actually found the admin's addy on one of the unsecure drives, go figure

bad move. :no:

if their systems got compromised before, you can be the 1st person to blame..

you accessed private systems for which you had no authorization access

for all you know it could've been a honeynet...

yeah, but if he did alter something he probably would not have sent 'em a mail. But people are kind and understanding; maybe the place he got into would understand what he did. He could have saved 'em ????