|
|
Posted by Michael Fesser on 10/22/07 21:53
..oO(Sanders Kaufman)
>"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>news:ffqdnWXoe6LKtYHanZ2dnUVZ_qWtnZ2d@comcast.com...
>
>> What you don't get is - hackers don't care. They just start a program
>> which picks an IP address and hits every port on that address, looking for
>> anything open. If there are no ports open, they move onto the next IP
>> address in line.
>>
>> It costs them *nothing* to do it. And most will have dozens of these
>> programs running simultaneously, looking for ways to break in.
>
>Well - nothing except time.
Massively parallel port scanning should be quite cheap on a modern
machine and a good connection. Such scanners can run in the background,
while you're watching a movie, having sex or even during the night.
Time is not really an issue here.
>And even then - you've got no idea what kind of target you've got.
Who cares? Spammers send out _millions_ of emails. It's more than enough
if 0.1% hit their "target". You can fire a thousand bullets out of a
machine gun - often it's enough if _one_ hits the target critically.
>Bettter to go somewhere where you already KNOW that you'll get the kinds of
>hits your looking for, than to scan every PC on the web.
Many years ago it already was that simple: Start the scanner, enter an
IP range - and go. Yes, I've tried such a tool out of curiosity, because
I wanted to know if it's really that easy. And it was. There's _always_
a lot to find (in that case open Windows shares), and with such a tool
you don't even really have to search for it - just start it, let it do
the work and wait for the results.
And I'm pretty sure - today it's even simpler for the script kiddies,
there are enough tools around. They fire it up in the morning, and when
they come back from school, they have a nice list of new victims or
maybe even more already.
Micha
Navigation:
[Reply to this message]
|