On Tue, 30 Jul 2002 20:15:43 -0400 PlugHead <[EMAIL PROTECTED]> (by way of PlugHead <[EMAIL PROTECTED]>) wrote:

> (* Another post to expert, another dropped message... *)
>
> On Monday 29 July 2002 10:56 pm, David Guntner wrote:
> > I agree with you that security through obscurity is no
> > security at all. However, adding obscurity as a layer on top
> > of existing security certainly doesn't hurt anything. :-)
>
> Indeed, if someone were doing a bulk scan of IP address blocks,
> wouldn't they most likely "miss" services on non-standard ports?
>
> If they are specifically targeting your address, aren't there
> ways of slowing them down? Here's a thought, how about a few
> random bogus services? Something that looks like a ssh login,
> but _always_ fails--AND throws up a big warning message (to the
> console or some such) for good measure? Or maybe automatically
> blocks that IP address for good? Actually, if you're going to
> do the latter, it could be something as simple as a listening
> socket that blocks any IP address that attempts to connect to
> it... (Personally I'd get more satisfaction out of wasting the
> hacker's time with a bogus login prompt,

There used to be a Unix program called Fly-Paper. (Newer versions
under differing names may still exist.) What it did was take a
standard service that isn't used (like Telnet) and put a program
listening on that port that would "capture" the client scanning it,
basically freezing their scan program until they turned it off.
Now the part about the program that wasn't so nice was that it also
used that open channel to root and then destroy the other box. Not
exactly Kosher. Never saw it in the wild, but the demo was neat on a
friend's home system. Win95 quickly became scrambled eggs.

James

> but that's just me... :)
>
> Finally, David, have you considered the possibility that the
> security breach actually came from your Windoze :) box? If you
> picked up a trojan keystroke watcher, and you login from that
> box, then someone's got your password... On the plus side, if
> I'm reading the Snort docs correctly, once you have that
> installed, it will watch for any strange activity on your local
> network, not just targeted at your linux box. (So, if e.g. your
> Windows PC starts broadcasting BackOrifice messages you'll know
> it...)
>
> -Jason
>
> =========================
> "In a word -- im-possible!"
> "That's two words," said Dibbler.
> (Moving Pictures)
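
The "listening socket that blocks any IP address that attempts to connect to it" idea from the quoted message, as an added example that is not part of the original thread or of any program named in it. The class name `DecoyListener`, the `allowlist` parameter and the `demo()` helper are assumptions made for illustration; the code prints a console warning and returns `iptables` rules as text for review instead of applying them, and it never answers the connecting peer.

```python
import ipaddress
import socket
import threading

class DecoyListener:
    """Decoy on an unused TCP port: any peer that completes a connect gets listed."""

    def __init__(self, host="127.0.0.1", port=0, allowlist=()):
        # Hosts that must never be blocked (your own admin box, monitoring).
        self.allow = {ipaddress.ip_address(a) for a in allowlist}
        self.blocked = set()
        self.lock = threading.Lock()
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))          # port=0: let the OS pick (demo only)
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]

    def record(self, addr):
        """Return True if addr was newly added to the block list."""
        ip = ipaddress.ip_address(addr)
        with self.lock:
            if ip in self.allow or ip in self.blocked:
                return False
            self.blocked.add(ip)
        print(f"WARNING: decoy port {self.port} touched by {ip}")
        return True

    def rules(self):
        """Firewall rules as text for review; nothing is executed here."""
        with self.lock:
            return [f"iptables -I INPUT -s {ip} -j DROP"
                    for ip in sorted(self.blocked, key=str)]

    def serve(self, max_conns):
        for _ in range(max_conns):
            conn, (addr, _port) = self.sock.accept()
            conn.close()                      # never read from or answer the peer
            self.record(addr)
        self.sock.close()

def demo(allowlist=()):
    """Constructed loopback test: one client touches the decoy port."""
    decoy = DecoyListener(allowlist=allowlist)
    worker = threading.Thread(target=decoy.serve, args=(1,))
    worker.start()
    socket.create_connection(("127.0.0.1", decoy.port), timeout=5).close()
    worker.join(timeout=5)
    return decoy.rules()

if __name__ == "__main__":
    print(demo())
```

The allowlist matters in practice: without it, a mistyped port from your own workstation locks you out of the box the decoy is protecting.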
