“Empty Red Bull cans litter the floor, reflecting the warm glow
of the monitors. Alongside the sketch boards lie drained liters of
Mountain Dew, partially eaten burritos and dozens of 486 machines
configured as Linux Beowulf clusters. A Pentium II machine plugged
into a seemingly endless line of surge suppressors hums as it
continues to brute-force password guesses at a rate of 10 million
per second. Only 12 more hours to go…”
“All the machines have their lids off-no hard-core geek is ever
satisfied with the state of a system. Legal pads are covered with
IP addresses, penciled network maps and port numbers. As the
attackers’ scripts relentlessly scan for the presence of the
recently identified CGI vulnerability, they continue to exchange
notes with the crew on IRC (Internet Relay Chat). They figure once
they’ve compromised a few dozen ISPs-creating a network of
“stepping stones”-they can forge ahead to their target…”
“It takes one to know one” may be cliche, but it holds up in
the network security arena. Understanding how attackers operate is
invaluable-in fact, it’s your best defense. The concept of
“hacking” into your own network for security purposes isn’t
new. Dan Farmer published a paper in 1995 entitled “Securing
Your Site by Breaking Into It…”