.mil hacking ?
I came across this piece yesteday and today skjaidev gave me this link http://www.nic.mil/cgi-bin/domain
Thats right. Its the NIC website for the .mil domains. You can add/modify/delete any .mil website.
Cool aint it ? Well. think again.
Port scan on nic.mil given some suspicious info.
It is running Trinoo server ( pre-historic ddos tool), IRC server , and lot other services.
Amazingly its running some conflicting services.
Its running X11, tftp, finger, sunrpc etc – signs of a Unix box ( nmap tells me its Solaris )
However its also running netbios, ms-sql, NetBus etc – things usually found on windows.
How is that possible ? Well the only assumption I can make is that US Dept of Defence is running a honeypot on that machine. I know US DoD sucks .. but not this bad. They wont leave the site open after reports of this hit all over the web.
So go on… hack around.. and soon, Feds will be knocking at your door, accusing you are an Al’kaida suspect. 😉
The link is all over /. Surely they aren’t dumb to rely on this as a honeypot!!