Re: [support@backup.hmdc.harvard.edu: [hmdc.harvard.edu #4073] FYI: mon]
On Thu, 11 Sep 2003 01:03, Theodore J. Knab wrote:
> Some of you might find this one interesting.
>
> In a world where IT security sometimes means keeping services out of
> sight. Both Harvard and MIT advertise everything they have up and
> running.

I don't think that letting people know which servers are online is a problem. If they are secure then it's fine, if they aren't then security by obscurity never did any good.

However, if someone wants to mount an attack that requires spoofing IP addresses etc., then having current ping times etc. displayed can really make it a lot easier...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
[support@backup.hmdc.harvard.edu: [hmdc.harvard.edu #4073] FYI: mon]
Some of you might find this one interesting.

In a world where IT security sometimes means keeping services out of sight, both Harvard and MIT advertise everything they have up and running.

If I were a cracker running a DoS, I could use this information to monitor the machines I knocked off the network. Additionally, this list has all of the servers that both MIT and Harvard monitor in their data center.

The monitoring program being used is called mon. I use it and was digging for info on the cgi interface that displays server info. So, I thought I would warn them with this message:

- FYI: A google search on mon brings up your cgi interface for mon.

http://www.google.com/search?q=mon+dns&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=10&sa=N [see second page link line six]

Your mon program is accessible by the world.

With a current world wide population of 6.3 billion you are inviting an attack.
http://www.populationmedia.org/

Please lock down access to the following host:
http://mon.hmdc.harvard.edu/mon.cgi?command=query_opstatus_full

Here is the reply:

----- Forwarded message from Matthew Cox via RT <[EMAIL PROTECTED]> -----

X-RT-Loop-Prevention: hmdc.harvard.edu
Subject: [hmdc.harvard.edu #4073] FYI: mon
Managed-BY: Request Tracker 2.0.13 (http://www.fsck.com/projects/rt/)
From: Matthew Cox via RT <[EMAIL PROTECTED]>
RT-Ticket: hmdc.harvard.edu #4073
Reply-To: [EMAIL PROTECTED]
RT-Originator: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

> Your mon program is accessible by the world.

We do intend for it to be publicly available. It allows us to give in-depth status to our various patrons.

> With a current world wide population of 6.3 billion you are inviting
> an attack.

There is no information on that page that couldn't be garnered with a quick NMAP scan.

Thank you for your concern.

Matt
-- 
Matthew P. Cox
Senior Systems Administrator / Systems Programmer
Harvard-MIT Data Center

----- End forwarded message -----

Ted Knab
Chester, Maryland
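As an added example, not part of this thread and not the HMDC configuration (the admins' reply makes clear they chose to leave the page open): if mon.cgi is served by Apache httpd, restricting it to a trusted network is a few lines of configuration. The web server, the httpd version (2.4 syntax below) and the network ranges are all assumptions; only the /mon.cgi path comes from the URL quoted in the thread. The weak form is shown first, then the restricted one; use one or the other, not both, in a real config.

```apache
# Added example, not from the thread. Assumes mon.cgi is served by
# Apache httpd 2.4, and that 127.0.0.1 and 10.0.0.0/8 are the
# monitoring host and the trusted operations LAN (both placeholders).

# Weak: anyone on the Internet can fetch the full status page,
# including the list of monitored hosts and their current state.
<Location "/mon.cgi">
    Require all granted
</Location>

# Restricted: only localhost and the operations LAN may query it;
# every other client receives 403 Forbidden.
<Location "/mon.cgi">
    Require ip 127.0.0.1 10.0.0.0/8
</Location>
```

On a 2003-era Apache 1.3/2.0 server the equivalent is `Order deny,allow`, `Deny from all`, `Allow from 127.0.0.1 10.0.0.0/8` inside the same `<Location>`. After editing, check the file with `apachectl configtest`, reload, and verify from a host outside the allowed ranges that `curl -sI 'http://mon.example.org/mon.cgi?command=query_opstatus_full'` returns `HTTP/1.1 403 Forbidden` rather than the status page (hostname assumed). Note that this restricts only the CGI page: as the HMDC reply points out, an nmap scan of the same hosts still reveals which of them are up.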