Re: Alternate link to bypass OpenRPN site problem Message #5 Posted by bill platt on 5 Apr 2006, 10:53 a.m., in response to message #3 by Frank Boehm
One thing to understand about "vulerability" is that just because you may think of your project, or company etc as a "low profile" enterprise does not make it low profile to the crackers. Rrealize that the cracking sniffing process is automated. For instance, if you leave a port open, it is not if, but when you will be cracked. In fact, it is only a matter of minutes.
My company's IS manager put up a test server one day to demonstrate this. He left an open port, and simply let is sit there for a few hours. Then he came back and read the log file. The port was found about 5 minutes after putting it up, and within a 1/2 hour, the command files had been cracked. The cracker, once he found an open port (through his automated crawler) put down his porn and his cheesy junk food snacks and went to work. He re-wrote the primary command script, injecting commands that made him an admin etc. All of his changes were caught by the log file. In fact he didn't do all that good a job at cloaking identity...but it ultimately dead ended in Russia.
Very powerful demonstration.
|