The Museum of HP Calculators

HP Forum Archive 16

[ Return to Index | Top of Index ]

Alternate link to bypass OpenRPN site problem
Message #1 Posted by Hugh Evans on 5 Apr 2006, 6:38 a.m.

Please bookmark http://www.openrpn.org/index.php until this latest vulnerability is corrected.

      
Re: Alternate link to bypass OpenRPN site problem
Message #2 Posted by Tim Wessman on 5 Apr 2006, 9:36 a.m.,
in response to message #1 by Hugh Evans

So why does this keep happening? Is it something wrong with the webhost? Or have you somehow gotten on a list of "best 100 sites to hack" or something?

I've had several webpages and none of them have ever ad problemz.

TW

            
Re: Alternate link to bypass OpenRPN site problem
Message #3 Posted by Frank Boehm on 5 Apr 2006, 10:13 a.m.,
in response to message #2 by Tim Wessman

The problem is "preconfigured" software; this may be the pre-installed OS or the user software (bulleting board software, but might be some libraries as well). There are "on-click" exploits widely available, I guess some folks are even spidering for vulnerable sites and auto-exploiting them. There are two counter-measures available: upgrade to the latest version (might be difficult if it's a shared server) *and* rename the standard installation path/files. With this last measure, it is even possible to use exploitable versions, as the "script kiddy" scanner will fail...

                  
Re: Alternate link to bypass OpenRPN site problem
Message #4 Posted by Hugh Evans on 5 Apr 2006, 10:43 a.m.,
in response to message #3 by Frank Boehm

Thanks for the ideas, I'll send them over to Chad and with any luck we can finally stop these script kiddies.

                  
Re: Alternate link to bypass OpenRPN site problem
Message #5 Posted by bill platt on 5 Apr 2006, 10:53 a.m.,
in response to message #3 by Frank Boehm

One thing to understand about "vulerability" is that just because you may think of your project, or company etc as a "low profile" enterprise does not make it low profile to the crackers. Rrealize that the cracking sniffing process is automated. For instance, if you leave a port open, it is not if, but when you will be cracked. In fact, it is only a matter of minutes.

My company's IS manager put up a test server one day to demonstrate this. He left an open port, and simply let is sit there for a few hours. Then he came back and read the log file. The port was found about 5 minutes after putting it up, and within a 1/2 hour, the command files had been cracked. The cracker, once he found an open port (through his automated crawler) put down his porn and his cheesy junk food snacks and went to work. He re-wrote the primary command script, injecting commands that made him an admin etc. All of his changes were caught by the log file. In fact he didn't do all that good a job at cloaking identity...but it ultimately dead ended in Russia.

Very powerful demonstration.

                        
Re: Alternate link to bypass OpenRPN site problem
Message #6 Posted by . on 5 Apr 2006, 7:33 p.m.,
in response to message #5 by bill platt

Quote:
Rrealize that the cracking sniffing process is automated. For instance, if you leave a port open, it is not if, but when you will be cracked. In fact, it is only a matter of minutes.

I'm not sure I'd agree with that. Remember that for a server to work, it has to have at least 1 port open. Having a port open does not mean the server will be hacked.

Take google, yahoo, HP, etc. All their website have open ports. It's just the way the web works.

.

PS, to the openRPN team: How is the PCB going for the 49g+ retrofit kit? I asked you a few weeks back and didn't get a reply.

                              
Re: Alternate link to bypass OpenRPN site problem
Message #7 Posted by Thomas Okken on 5 Apr 2006, 8:35 p.m.,
in response to message #6 by .

Quote:
I'm not sure I'd agree with that. Remember that for a server to work, it has to have at least 1 port open. Having a port open does not mean the server will be hacked.

There's a difference between having a port listening (which is indeed necessary if you're going to run any kind of service -- the remote PCs have to have something to connect to!) and having a port open (as in, allowing administrative access to any random stranger who knows a few default passwords).

In Los Alamos in 1945, there were people (about 1 in 5, apparently), who did not change the combination on their safes from the original combination. If you can imagine how easy that must have made the work of any spy, now imagine a similar lack of security today, only now we're not talking about a smallish office complex, but about the whole Internet. This is the kind of carelessness that script kiddies exploit.

- Thomas

                                    
Re: Alternate link to bypass OpenRPN site problem
Message #8 Posted by Guest on 10 Apr 2006, 9:49 p.m.,
in response to message #7 by Thomas Okken

I take it you've never read "Los Alamos from Below." Too bad. Get a copy of "The Pleasure of Finding Things Out."

Security at Los Alamos was horrible.

                                          
Re: Alternate link to bypass OpenRPN site problem
Message #9 Posted by Thomas Okken on 11 Apr 2006, 10:41 a.m.,
in response to message #8 by Guest

Thanks for the tip -- but I actually have read "Los Alamos From Below" -- that's where I got the figure of "1 in 5 safes with the factory combination unchanged" from. :-)
I thought it was funny how the basics of cracking haven't changed over the years. You simply start out by assuming that most people are lazy and stupid, at it works disturbingly often...

- Thomas

                              
Re: Alternate link to bypass OpenRPN site problem
Message #10 Posted by Frank Boehm on 6 Apr 2006, 2:17 a.m.,
in response to message #6 by .

>Having a port open does not mean the server will be hacked.

depends: open the telnet port and your site is under attack by automated dictionary scripts which *will* find the password sooner or later (SSH is way too slow in opening connections, so this would take forever <g>)

(sheesh, I remember the "good old days" when it was possible to offer anonymous ftp upload/download and it wasn't necessary to update your OS for years; the only attack I ever experienced was a formmail.pl which has been uploaded by a customer - the SPAM attack sure wasn't nice...)

                  
Re: Alternate link to bypass OpenRPN site problem
Message #11 Posted by Geir Isene on 5 Apr 2006, 11:29 a.m.,
in response to message #3 by Frank Boehm

http://www.isene.com/artweb.cgi?article=006-update.txt

      
These are the %&$%&$%& that hacked your site:
Message #12 Posted by Frank Boehm on 5 Apr 2006, 10:17 a.m.,
in response to message #1 by Hugh Evans

http://www.somethingrare.net/

you can even mail him at u00z@hotmail.com =P


[ Return to Index | Top of Index ]

Go back to the main exhibit hall