On Fri, 24 Nov 2006, Joachim Schipper wrote:

> While I'm inclined to agree with the last part, setting up a botnet
> isn't *that* hard.
Particularly in the domain .kr, which Igor sees intermittent attacks from. Korea has the perfect "ecosystem" for such a botnet -- very large numbers of pretty fast CPU machines (Made in Korea, very good, fast enough to run a bot without the user noticing ;-), a very, very large number of ADSL or cable-modem connections (and good world-wide trunks, too), a high percentage of unpatched or neglected Windoze machines of ancient OS release, since Internet use is very wide-spread and most users are (therefore) very naive, and a government that does not do gross censorship as in China, and in fact is not too interested in security or related issues. Hence all the @#$% spam from .kr -- the bot nets already exist, are in the hands of professional spammers, and any organization interested in scanning lots and lots of hosts, say knocking on ssh ports, can hire them and run them without a lot of expertise.

Now let's say that the person interested in scanning/mapping the world and starting stealthy attacks against ssh-open machines happens to be a Chinese governmental agency, and they want deniability. After a scan of a netblock, you find some hosts that look real secure, all nicely buttoned up, no rpc crap hanging out for the world to probe, no goofy toy services running -- you fingerprint that box as OpenBSD, latest release. The ssh port is open. This is a high-value machine, probably. People don't buy tanks and hire armed guards to protect their lawnmower.

BTW, this is the *sole* security disadvantage to OpenBSD I've ever really noted: it's like a new bank with a big, shiny vault and a sign out front, "Gold stored here! Security is our Lifeblood!" Armored trucks are seen driving in and out through the heavily guarded gates. Serious bad guys are going to be interested. I get probed all the time, even sitting on the end of a 56K dialup, including brute-force ssh hacks, when I have ssh open. I've thought of hanging a sort of Tiergrube off that port, but at 56K it would also DoS myself.
> > > I also rely on having the ability to install/upgrade remotely and ssh
> > > into the system post install. With root access blocked off, well... kind
> > > of hard!
>
> > I am curious... how can OpenBSD be remotely installed on a computer
> > without a [serial console]? How can the installer be run remotely
> > without a device that the operating system calls "console"?
>
> Well, at least theoretically, one could just replace the install script
> by one that does whatever you want it to, without asking any questions.

Yup, build a custom bsd.rd. Not that hard for upgrading purposes; no operator on the remote end is required. I don't know how to do this for a clean install on, say, (pardon me) a Windoze machine that is being improved, without having a remote operator insert a floppy or CD (or other appropriate installation medium for other archs) at the remote end.

Dave
--
"Confound these wretched rodents! For every one I fling away, a dozen more vex me!" -- Doctor Doom