Home page logo

basics logo Security Basics mailing list archives

Re: hax.tor
From: "0x90" <secbasics () spam gagspace com>
Date: Tue, 27 Nov 2007 01:31:28 +0100

Dear Attila,

What do you want to SSH connect to FBI-s homepage?

I don't want them to "SSH connect". All you do is connect, and not SSH.

If this is a game, why don't you provide yourself the target for
scanning it?

I do provide myself as the target for most challenges, should the level require portscanning, exploiting a PHP, etc. In this case, we are not talking about scanning, we are talking about aquiring a simple banner. The last thing I would want to do is send the player to do illegal activities. The challenges that involve sites other than mine (yes, government / google / yahoo / nasa sites) focus on getting information through legal ways. The FBI challenge is one of these, although it is only the second warmup level, so it is still 'too easy', and doesn't provide you with much information - maybe just a smile to make your day as you advance to the other 40 levels.

* Philippe wrote:

They just want to see if you can do a banner grabbing, theres really nothing to it. But I do agree that choosing the FBI is a very very VERY bad way to be serious, it is sending
out the Hacker VS the law image and I would go against this.

None of my hosts have SSH open (and for various reasons won't, neither for just a fake banner). I would have felt bad about putting the player to connect to any average server out there. Just think of it. It would have made no point. On the other hand, the FBI might have had some funny reason to open up that port (which I highly doubt is actually SSH, but who cares), so they probably don't mind anyway. And even if they did, they obviously get no less mass SSH scans a day than any other ip pool does. And those scanners go further than just connecting.

To summarize, this is not the "Hacker VS the law" thing (especially with all the warnings: "do not do anything illegal", "do not spam their forum boards", "do not scan their subnet" etc). I am disappointed and sorry if anybody got the opposite idea. To these people I recommend reading the list of challenges to see the big picture.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]