[CentOS] Calling all Hackers

Stephen John Smoogen smooge at gmail.com
Sat Oct 17 23:07:54 UTC 2009


On Fri, Oct 16, 2009 at 10:39 PM, DTS-Corp (Knowledgebase)
<mlists_subs at dts-int.com> wrote:
> Hey guys.
>
> I have a server that is owned by me and can confirm through servint that it
> is owned by me.
>
> I would like to do a penetration test and of course to allow you to upload
> files on the server and kind of trash it to the point where it is always
> restarting and running out of memory etc etc.
>
> This is going to be mainly script kiddie stuff, however will be able to get
> you hired on with me for some other jobs that are invovlving network
> security evaluations.
>
> Here is the server info
> Cpanel and WHM running on CentOS
>
> hostname level1.ixkt.net
> IP addresses 64..131.81.30
> 64.131.81.31
> 64.131.81.32
> 64.131.81.30
>
> SSH Port is on 3734
>

A word of advice to both sender and readers.. do not follow up on this.

1) Penetration tests to have some value must show what was done and
what was not done. They must show what steps were taken to reach zero.
And then they must be evaluated to see if those steps could have been
mitigated. A call for all hackers does not usually get that.

2) Network penetrations need to be done to make sure that you do not
violate your SLA with your network provider or cause problems with
other customers on that network. It also may violate various laws and
statutes of where the co-location is at.

3) While "To catch a thief" is a nice movie.. you are probably not
going to run into a Cary Grant type. It is more like you are going to
down to a seedy bar in the docks and yelling out "Hey I need someone
to rob my house to see if the security system I bought works, and I
have a bunch of money on me to pay you."

4) It has become a common ploy to get people to attack another
person's network by registering that they 'own' the space etc.
Everyone from Russian gangs to local police use it at one point or
another. Professional security people who aren't looking to spend time
in prison will make sure that there is a legitimate contract in place
and that the client is aware of the various risks involved.




-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning


More information about the CentOS mailing list