Griffin > Tasks > Personal experiences of Internet crime > Self-advertising vulnerable machines, passive scanning
Griffin2
Follow Production
Share
You must be a member of private group Hidden Tasks to view this task

The Griffin -team is looking for your ideas and comments.

Join and show your support for Griffin.

Join This Production
Lair8bsm_thumb
Thomas Shaddack October 27, 2009 07:07 2 Thumb-ups
Flag this shot
Add to Favorites

Self-advertising vulnerable machines, passive scanning

When a machine has a vulnerable service exposed to the Net, it can be (and usually is) scanned for that and then infected. The worm then usually uses the machine as an attack base for scanning more machines and spreading itself exponentially.

By doing the probes, it advertises its presence - and also its vulnerability. Merely by listening to the probes on my firewall, I can make myself an up to date database of easy-to-compromise hosts for case of need. Then, when a proxy or other service needs to be used, look up the logs and pick a suitable victim for a temporary hijack. Passive way, minimizing chance of being detected.

Passive methods are the best for routine use. No broadcasting what you're doing, just listening. And knowing.

Jump to comment form

Comments

David Jansson November 15, 2009 09:23 Flag

You're scaring me...

You must login or register to comment