On Sat, 8 Jun 2002, John Hebert wrote:
>
> Stereotyping? What exactly _do_ you call kids that
> wanna appear as 1337 h4x075 but can't figure out for
> themselves how to actually break into a computer, so
> they download somebody else's script that does it for
> them?
>
"open source software users"? ;-)

That is the *only* tidbit I'm gonna contribute to this conversation!

r00tkitting was the proposed subject of a LUG meeting that got bitbucketed a long time ago, so it's a valid subject. I totally agree that one should know basic security and a ton about their OS before getting into this, but that's entirely to preserve notions of "honor" and "dignity", largely absent in the use of r00tkits in the first place.

Am I curious? Yes. Have I bothered yet? No. Did I use my own 1337 5Ki11Z to engineer a CodeRed-host scanner for my last employer? Yes, both out of curiosity for the attack itself and a depth of knowledge about the systems involved.

Grab a kit, read the docs, browse the source. Test it on YOURSELF, preferably unplugged from the internet and AFTER you've grabbed cleansing tools from Symantec or wherever. Know what it does FIRST, before you start depending on it for your education. I would hate to grab someone's worm, start playing with it without taking basic precautions, and have it reveal my Windows boxen to the author because I was careless and 1337 and 57VPID.

A more useful approach, in the long run, would be to find known holes in old versions of wu-ftpd and sendmail, then exploit them yourself. Find out what's wrong with these broken old versions, exploit them in a controlled environment, WITHOUT relying on internet scanning tools. nmap YOURSELF a new one where the sun don't shine, for all I care.

There are kits out there that run themselves, but the mentality involved in running them carelessly is what we all point and laugh at in the closed-source software world. Point-click, get careless, get infected by the kid who WROTE the darn thing because his tool calls home with your IP address. NOT the way to learn. Perfect way to get h0z3d.

-j
