Lan Barnes wrote:
> On Wed, Apr 20, 2005 at 12:18:15PM -0700, John H. Robinson, IV wrote:
> >
> > So, where is the practical difference between an unknown token
> > (password) and an unknown token (url)?
> >
>
> A little out of my depth here, but I would think a portscan of IP addr
> space for, say, Cox with attacks on any responses to 80 would be a lot
> easier and would bear more fruit than dictionary attacks on passwords,
> even for weak (i.e., in the dictionary) passwords. And that's assuming
> you respond to ping.

We are not talking about rogue webservers, but URLs that are obfuscated, or no public links to them. I know I have a webserver on jaqque.sbih.org, but do you know where I keep the file john-and-cameron-prom.png? It is on there, somewhere.

And since Cox blocks port 80, you won't find much except maybe rogue servers on their corporate network. That might produce some rather interesting results :)

-john

--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
