[vox-tech] Verify Ubuntu files
Bill Broadley
bill at cse.ucdavis.edu
Sat Aug 16 12:55:38 PDT 2008
Gandalf Parker wrote:
> On the other hand, most attacks aren't real hackers. Real hackers are rare.
> Most attacks are script-kiddies, and some are crackers, but few are
> hackers.
I'd disagree with that one; it definitely was true. But increasingly the
quality of attacks is improving. While the average skill of the attacker
hasn't increased (still lots of script kiddies) the better attackers are
getting more organized, and leveraging various pieces of p2p technology to
make resilient, hard-to-detect networks that can attack 100M machines in
just a few minutes.
So I'd say that most attacks these days don't involve humans, but are a direct
result of someone being pretty smart.
> Hackers are knowledgeable and experimentally minded. They do not
> use standard tools and therefore standard tools tend to not work as well
> for them. Also a surprising number of hackers are not malicious, just
> irritating.
Again years ago I'd agree, these days the non-malicious attacker is in the
small minority.
> Script-kiddies are the vast majority and most likely to hit a home system.
> They are clueless. They have found an attack tool online and are playing
> with it.
Again, years ago I'd agree. Be careful in that being the easiest to find does
not mean they are the most popular. In fact I've seen obvious signs of script
kiddies to cover up the signs of a reboot when in fact a much more
sophisticated attack lay underneath.
> Once you start watching the security of your system you might feel panic
> at seeing all the attacks you are getting. But don't be concerned. You are
> getting them all along. Most of them are brute force such as trying huge
> files of possible logins with huge files of common passwords. A standard
> system and good password habits will cover you there. Packages such as
> ChkRootKit and TripWire will help you sleep at night (of course they can
> be bypassed but think of it like having a great door lock which is
> adequate even though it wouldn't keep out an expert burglar)
Tripwire run in a live environment is useless; step #1 for script kiddies is
to attack the kernel. So even if it helps you sleep at night, it's not
actually helping.
BTW, one thing I forgot to mention, if you don't need to be network visible,
don't be. Get a $50 router running ip masq. Although my home Linux box is
network visible and I don't worry about it at all. Sure, if there's a remote
root exploit for sshd I'd probably just reinstall from scratch; fortunately
those are pretty rare.
>
> Gandalf Parker