calling attention to servers
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Tue Jan 30 23:56:06 UTC 2001
Its a honeypot Chris.... if the goal is to deny intel, don't
spraypaint it a neon green. Camo is much nicer... if that is the
tactic you wish to take.
>
> attack away... it's a bit harder to figure out what it is... and bind's
> not exploitable (at least not yet...) so as long as all other things are
> 'ok' I'm just denying intel to the 'enemy'... besides, tcp queries are
> verboten anyway :)
>
> --Chris
>
>
> On Tue, 30 Jan 2001 bmanning at vacation.karoshi.com wrote:
>
> > lets see... (from previous discussions on the usefullness of tweeking
> > the version)
> >
> > wearing my blackhat, i have to decide which system is worthty
> > of my talents... which one should I pick?
> >
> > version "bad-ass-bind";
> > -or-
> > version "9.1.0"
> >
> > of course I could be running 4.8.1 and simply recompile so it _reports_
> > a bogus version but the profile of a 9.1.0 code base is -very- distinct
> > from a 4.8.1 code base... esp on replies to queries.
> >
> > Pick your targets carefully.
> >
> >
> >
> > > Why not jus return some 'bogus' version ??? like this option allows:
> > >
> > > version "bad-ass-bind";
> > >
> > > :)
> > > >
> > > > --Chris
> > > >
> > > > #######################################################
> > > > ## UUNET Technologies, Inc. ##
> > > > ## Manager ##
> > > > ## Customer Router Security Engineering Team ##
> > > > ## (W)703-289-8479 (C)703-283-3734 ##
> > > > #######################################################
> > > >
More information about the NANOG
mailing list