Nice flame, but your answer had nothing to do with the question. Attacking a web site
by port scanning is totally independent of all the intervening technologies. The
question had to do with the security inherent in the frame itself and what exposures
using this technology introduces. The answer should discuss attacks that are made
available by the technology. A short concise answer with a reference to were one might
fine more information seems like a good response to me!
Bill
Marc Renner wrote:
> *laugh*
>
> Paraphrasing from Mastering Network Security by Chris Brenton page
> 125, it can be broken into if:
>
> Someone is connected to the CO and switch, and they know your DLCI.
>
> The book goes into it a little more.
>
> THX,
> Pete Goodridge
>
> So what you're telling this person is to go buy a book? If this is all we are going
>to tell people who traffic this mailing list for help, we undermine the very purpose
>of it's existence - INFORMATION. I would suggest that if you do not have anything of
>value to post, please refrain..we all have enough SPAM to deal with day-to-day.
>
> Ron: In response to your original question, about 99.98% of internet traffic is at
>some point "frame-relay". As a result the majority of "Hacked" or "compromised"
>systems are done using a frame relay circuit at some point between the criminal and
>the victim. This does not need to be done using a "sniffer". Typically it's done by
>port scanning, with a utility that scans an IP address or range of IP addresses for
>open or active ports. Once the active ports are noted a hacker will then trying to
>brute-force their way into the system by using pregenerated login/password lists and
>a program that will keep hammering the system with different combinations of
>logins/passwords untill it finds one that works.
>
> Packet sniffing attacks are relatively rare, one must have access to your cable
>structure in order to grab your packets. OR as Mr. Brenton points out access to your
>telephone company's cable structure.
>
> All these reports of web sites being hacked and "Stolen" are done by poorly written
>cgi scripts that allow command line executions (earlier versions of Apache Web Server
>were notorious for allowing these cgi scripts by default)
>
> I hope this helps clear things up...
>
> Marc Renner - Director
> Network Operations Dept.
> City of Marysville, Wa.
>
> ++Don't get MAD....Get NDS!++
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
