[ subject line changed to something sane ]

> In my opinion, one of the most worrying hacks that would be
> fairly easy to target a UNIX or Solaris system is the well
> known xspy hack.  If you can get a user to run a program

Again, this all depends on someone being on the system already and they
open the door one way or another.

Suppose that there is a server somewhere, running Solaris, and you want to
crack into it.  There are no users there to help you. You have no one that
you can drag out to the local pub and ply with free booze, women, money or
threats. You have no access to the server physically and there is no sshd
daemon listening.

If we run nmap (or whatever the name du jour is) we see:

Warning:  OS detection will be MUCH less reliable because we did not find at
least 1 open and 1 closed TCP port
Interesting ports on xxx.xxx.xxx.xxx:
(The 1667 ports scanned but not shown below are in state: filtered)
PORT   STATE SERVICE
123/tcp open  ntp
Device type: general purpose
Running: Sun Solaris 9
OS details: Sun Solaris 9 with TCP_STRONG_ISS set to 2
OS Fingerprint:
TSeq(Class=TR%IPID=I%TS=100HZ)
T1(Resp=Y%DF=Y%W=C0B7%ACK=S++%Flags=AS%Ops=NNTMNW)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)

Uptime 392.121 days (since Sat Nov 17 18:25:16 2006)
TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)
TCP ISN Seq. Numbers: 7E932964 D0425673 DBFFBE65 ADDAC32C D1E4BB03 79E893E7
IPID Sequence Generation: Incremental

That is what a typical Solaris server looks like.  Like a damned slammed
shut door into which nothing enters unless you allow it.

So ... what do you do?

Dennis
_______________________________________________
opensolaris-discuss mailing list
[email protected]
