Steve Werby wrote: > I'd personally be more worried that someone at your server's > data center could sniff packets sent to your server, grab > your login info and get in...or pull the drive out and copy > it..or reset the admin password. > Once you have physical access to a drive it's trivial to > access anything on the drive.
ISTR saying this before... may have been a different list. My job involves looking after two disparate networks with several thousand machines on them. Sure, I could sniff the traffic and use someone's login info to get in, or even go as far as physically removing a drive, but what would that get me? A bunch of web pages? Some jokes by email? Even more spam than I already see every day? No thanks. One of the reasons that you guys (people running webservers and the like) pay us (colocation or server leasing companies) is that we are staffed by *professionals*. Professional behaviour in a job like this means precisely NOT taking advantage of the power under your fingertips unless you do it to prevent disruption of normal operations. You'll find that pretty much all major data centre installations have the capability to sniff all traffic at their site boundaries, simply because it allows them to safeguard their customers' machines and data. Personally (and I can only speak from my perspective here) if someone in a position of that much power was to abuse it, they would quickly be caught and would probably find it very difficult to gain employment in the field again. I think you'll also find that abusing any sort of data sniffing capability for personal gain would probably fall under (in the UK at least) the Data Protection Act, but more probably the Misuse of Computers Act; if it wasn't simply defined as theft. That's why we (well, I!) don't do it. We do our jobs, what lives on your server is not remotely interesting. Sorry to put it like that, but it's the easiest way for me to look at it! <coming back on-topic> Regarding the correlation between addresses on this list and servers being 'hit' - in whatever way - I think that it's deeply unlikely that there's any great relationship between the two, so I agree with Steven. Most crackers do things in an automated fashion and then read the results when they're next at their terminal. Let's face it, a kiddie (and most of them are) is definitely not gonna trawl through the Cobalt archives, are they? You'd get bored pretty quick if you did! Graeme _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
