Posted on 09/29/2005 6:15:26 PM PDT by Golden Eagle
SEPTEMBER 28, 2005 (COMPUTERWORLD) - A company server that some workers at Novell Inc. apparently used for gaming purposes was hacked into and then used to scan for vulnerable ports on potentially millions of computers worldwide, according to an Internet security consultant.
The scans, which have been going on since Sept. 21, are targeted at TCP Port 22 -- the default port for Secure Shell (SSH) services. SSH programs are used to log into other computers over a network or to execute remote commands and move files between machines in a secure fashion. Scans against the port are often an indication that hackers are looking for vulnerable SSH systems that they can break into and take control of.
(Excerpt) Read more at computerworld.com ...
One should avoid Texas Hold 'Em on the job....
ping
Since you brought up Microsoft, ever heard of anything like this ever happening with them? I don't recall anything like this myself, especially something that was sending out attacks on others.
Whoa...how stupid can ya be? One of our guys set up a server distributing movies over the internet. We found out later that afternoon and he was shown the door.
If they have any sort of actual security at the perimeter, somebody with authority to stop this should have been aware of this server long ago. This could indicate bigger problems with their configuration that need correction, in addition to a cleanup of whatever other servers don't support their business but are out on their network. Wonder if we'll hear much else about it.
From a news article just this week:
http://www.theinquirer.net/?article=26537
OSS PING
If you are interested in the OSS ping list please mail me
While the guards didn't come pummel this mofo (that I know of), I read his sentence did get changed from 5 years to 30 for attempted escape. Should have been that much to begin with, he had ripped off a school district for $250K somehow.
"'The employees that set it up apparently had no idea of security,' Brandon said. 'But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it.'"
It's not "surprising" at all, given my same experience by some server-side/network computers doing the very same thing....the better server-admins. in some organizations respond with at least acknowledging the problem and then repairing or taking the offending computer offline until repair, but what is ACTUALLY surprising is how many networks do not even seem to care (that they enable zombie computers, which this article describes). Whether they care or not isn't the important thing here but it is important whether or not they repair the problem. There are so many infected computers that it can be overwhelming to see...well, something like a hit to a website every two minutes for hours on end from state, .gov level IPAs, schools and such. I get the impression that some server admins. can't be bothered.
I don't see where that article indicates anything like this happening to or at Microsoft. Did you have something else, since you seem certain it should have happened to them instead? I guess it seems like it should have, since they have so many more servers, users, administrators, and according to you less secure software.
Where I work EVERYTHING going in and out of the perimeter is carefully monitored, and indexed based on requirement down to the port. Either you do that, and maintain control, or you have no control, there really is no middle ground.
Like I wrote previously, in my experience, with some networks responsible for similar behaviors as here, I actually contact them and send copies of the site stats that evidence one of their IPAs and it's remarkable how few even respond...some do, the better administrated ones, but more don't.
For example, I found an IPA from the Georgia Board of Regents (probably a state library, maybe a school or admin. office, who knows) that was guilty of this and contacted them and they responded, very nicely, that they'd taken the offending terminal down and were repairing; also same from the University of Florida, Delaware state .gov system, places like that that I actually took time to correspond with about their problem, BUT, what's surprising is how many didn't even respond (Cal State Chico didn't, a major university in Canada didn't, etc.).
This zombie behavior is far more prevalent than this article lets on. Doesn't make it right because, in fact, I loathe it and agree that whoever writes malware ought to be in jail for a long time. Unfortunately, spammers even sell malware on the internet calling it "advertising" and "marketing" software but it works on the same principle: infecting any available computer and then using it to infect others, all for access to information and to avoid paying their own way. At least, I guess. I think most of it is done to be destructive, nothing smart or cute about it.
I agree with you. And, in which case, you are among the good guys. And I thank you, not that it matters specifically, but it's important that some admins. do their job well, helps the general internet community with each responsible act like yours.