[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

Tim March march.tim at gmail.com
Wed May 29 12:49:42 EST 2013


On 29/05/13 12:40 PM, PRK wrote:
> On 2013-05-29 11:52, Tim March wrote:
>> Yeah, I was literally just sitting here wondering how fast they'd
>> react if you scripted up an "nmap | ncrack | nc `login && write
>> erase`" on all the vulnerable hosts...
>>
>> "20,000 of your customers just went offline and need manual
>> intervention to re-establish their service. Good luck with that."
>
> I expect "they" would react rather fast, and you'd find yourself in
> prison pretty damn quickly.
>
> After all, with all the "cyber war" and "cyber terrorism" hysteria in
> the news at the moment, I'm sure the LEAs would love to be able to
> prosecute and jail a real "hacker" in order to demonstrate that they're
> "taking it seriously".
>
> And despite my eye rolling at the current hysteria, I'd still be there
> applauding if the police caught and prosecuted someone who'd maliciously
> wiped live router configs and taken down customer connections just for
> the lulz.
>

Yeah, because the punters that are out there executing malicious network 
attacks 'for the lulz' would totally never do anything like that just in 
case the AFP kick their door in =)

Besides, running Tor and `proxychains nmap -n -sT -sV -iL $input -oG 
$output -p 23` will pretty much do what you want and keep an attacker 
reasonably anonymous...


T.



More information about the AusNOG mailing list