I'm getting too old for this sort of thing.
It all started last Wednesday, when I notified a client that an
authorized external scan of their firewall had revealed a
vulnerability. One of their computers showed up as heavily
compromised, a real hacker haven, a brothel of infestation by backdoor
programs and other vulnerabilities.
The next morning, at 8 a.m., I was on a plane to their distant city. By
five p.m. preliminary discussions had been completed and (more
importantly) personnel had cleared out of the data center, so we could
begin searching for the compromised system. For reasons I can't go
into, the managers did not want the IT staff to know about all this.
So we started searching. Nothing was labelled. Cables led nowhere. And
the computer we were looking for wasn't listed on any network maps.
Hours of fruitless searching later, we started calling people one by
one, carefully descending the chain of management through trusted
persons.
Finally one fellow knew enough about the network layout to lead us out
of the data center, down the hall, into an unlocked lab, and up to a
patch panel that led us eventually to the culprit system. A phone call
to the responsible party, and the screensaver came off and...
It was a hxneypxt.
Sorry, replace the x's with o's, I don't want any search engines
drawing hackers in here.
A Hxneypxt is a computer set up to trap hackers by drawing them in
with FAKE vulnerabilities. In this case, it caught the security white
hats instead of the security black hats. Very reckless on the part of
the fellow who set it up, since you ARE attracting hackers -- just
because you don't get into the bait system doesn't mean you won't find
the vulnerable system right next to it and hack that.
I was majorly bummed. I'd been up about 21 hours and flown for six,
and I was out for blood, not simulated blood.
But it was better for the client that the vulnerability wasn't real.
They got a good education about security and an example of how hard it
is to do it reactively, and without the cost of an actual security
breach.
But I'm getting too old for this. After (only) 21 hours of work on
Thursday to Friday, it took me until Monday morning to recover. I
slouched through the weekend like I had a lead weight on my back.
Managed to get to the gym on Sunday only because the family dragged me
along with them. And got little done with any other things I wanted to
accomplish this weekend.
Sunday we headed over to the May Day festival. It was gray and
blustery and cold out, with gusts over 35 MPH. Nonetheless the mostly
left-wing paraders made the best of it, struggling into a headwind in
an apt metaphor of the political times. I was annoyed because I
couldn't find my digital camera in order to provide some pictures.
Still haven't found it in fact, I know it's somewhere around this pit
we call a home.
It's still cold and blustery today, but at least my brain feels like
it's firing on all three cylinders.
Sigh. I used to be able to work 36 hours and go out for beers
afterwards. Now a 21 hour workday flattens me for half a week. Getting
old sucks, but I suppose the alternative is worse.
Speaking of which, tomorrow it's over to Moldy's for a showing of
'Spirited Away'.
Posted by Albatross at May 5, 2003 12:00 AM