sniffer/promisc detector

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Jan 20 06:52:17 UTC 2004


On Mon, 19 Jan 2004 23:26:30 MST, Brett Watson <brett at the-watsons.org>  said:

> > hacked? (Answer - you will never be hacked, if
> > you use nonstandard port, except if you attracks someone by name, such as
> > _SSH-DAEMOn.Rich-Bank-Of-America.Com_.

> Go grab nessus (www.nessus.org), modify the code a bit, and I guarantee you
> that your ssh daemon running on a non-standard port can still be found,
> identified, and exploited. Trivial.

Alexei's point is that *yes*, things like Nessus *will* find a relocated SSH -
but that if you're getting Nessus scanned, somebody has painted a bullseye
target on YOUR site, not "any site vulnerable to <exploit du jour>".  The
people looking for "any vulnerable site" will just go SSH-scanning on port 22
and be done with it, since it's simply NOT PRODUCTIVE to do an exhaustive test
of each machine. One probe at port 22 will probably go under the radar,
scanning all 65K ports is sure to peeve somebody off....


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040120/2a5c1d51/attachment.sig>


More information about the NANOG mailing list