North American Network Operators Group
Re: Banc of America Article
- From: Ryan Fox
- Date: Sat Jan 25 22:40:37 2003
> > Does anyone else, based upon the assumptions above, believe this statement
> > to be patently incorrect (specifically, the part about 'personal
> > information had not been at risk.') ?
>
> While not technically correct, they are not technically incorrect
> either.

Hm. One possible attack on BoA's data would be to log incoming udp port
1434 requests to your network, and cross reference the source addresses with
BoA's netblocks. Now you have a list of verified vulnerable BoA MSSQL
servers.

While it's possible that _none_ of the vulnerable servers have _any_
'personal information', I'd venture to guess otherwise.

While I'm on the topic of attacking servers that attacked you first, can I
get some opinions on the ethics of this? I think a targeted attack like the
one I described above would surely be crossing the proverbial line, but what
about an automated nmap scan of attacking hosts, where the data would be
used for aggregate statistics? Thoughts?

Ryan