On Wed, Apr 20, 2005 at 02:48:25PM -0700, John H. Robinson, IV wrote: > Lan Barnes wrote: > > On Wed, Apr 20, 2005 at 12:18:15PM -0700, John H. Robinson, IV wrote: > > > > > > So, where is the practical difference between an unknown token > > > (password) and an unknown token (url)? > > > > > > > A little out of my depth here, but I would think a portscan of IP addr > > space for, say, Cox with attacks on any responses to 80 would be a lot > > easier and would bear more fruit than dictionary attacks on passwords, > > even for weak (i.e., in the dictionary) passwords. And that's assuming > > you respond to ping. > > We are not talking about rogue webservers, but urls that are obfuscated, > or no public links to them. > > I know I have a webserver on jaqque.sbih.org, but do you know where I > keep the file john-and-cameron-prom.png ? It is on there, somewhere. > > And since Cox blocks port 80, you won't find much except maybe rogue > servers on their corporate network. That might produce some rather > interesting results :) >
Uh huh. This is really one of the areas where I don't know much. Apparently (another thread) I don't know much about the things I know about, either ... <sigh> -- Lan Barnes [EMAIL PROTECTED] Linux Guy, SCM Specialist 858-354-0616 -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
