Re: Scanners using netcraft?

[mike.johnson () GD-CS COM (Mike Johnson)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 12:22 AM 1/5/00 -0800, you wrote:

> My questions for the list:
> 1. is netcraft.com being used it some mass scan for a httpd related
> or other remote overflow?

If it's not already, it should be.  It's not that difficult to punch
an httpd version into netcraft.com and wait for a list of vulnerable
servers.  Meaning, if one does a search for an ancient version of
Apache, there's a decent chance that the server is vulnerable.

On the other hand, I know Attrition's aget uses netcraft.com.  Did
your friend make Attrition's list of defaced pages?

> 2. Is Mandrake 6 obviously vulnerable to something I'm not aware of?

If your friend didn't update, then there's a lot of holes.
http://www.linux-mandrake.com/en/fupdates.php3
will answer all.  It depends on what software was installed/running.
There's remote root holes (assuming that you didn't already check
this).

> Thanks,
>    Mike
>    Security and stuff. Hire me.

Mike

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOHOFR84uRYBTQkEoEQIu8ACfSa3mexMRvkcP4RBIdEDwCPk4rPcAn28K
p+C4C54LF2RrRLyNt+10waBa
=juLT
-----END PGP SIGNATURE-----

--
Mike Johnson - mike.johnson () gd-cs com
Network Engineer - New Technology Group
General Dynamics - All opinions are mine, not General Dynamics'.