Re: Putty Proxy login/password discolsure....

[Michael Holstein <michael.holstein () csuohio edu>]

> It's also loads of fun if the box in question is a server that's being
> monitored by Big Brother or similar.  Kinda hard to erase the 'red' marker
> on the big screen in the NOC.  Similar comments apply to machines that
> report to a central syslog server...

7b) unplug target network cable [thus avoiding the remote syslog issue]

With BigBrother you get 5 minutes (typically) before you create an alarm 
.. so, depending on what sort of Oragami is required to get into the 
server, that may be possible.

The easiest thing to do though would be just flip the power on a whole 
rack (and maybe a few next to it) .. somebody will just figure a janitor 
tripped over something.

... or just hit the EPO on the way out of the datacenter. We had that 
happen *more than once* at a former site because people mistook it as 
the release for the maglocks (which it sort of still was, since those 
were on datacenter power).

~Mike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/