sniffer/promisc detector
Niels Bakker
niels=nanog at bakker.net
Tue Jan 20 23:57:35 UTC 2004
* davei at algx.net (Dave Israel) [Tue 20 Jan 2004, 18:48 CET]:
> On 1/20/2004 at 09:18:07 -0800, Alexei Roudnev said:
[..]
>> - unpatched sshd on port 30013 - safety is 7 (higher) because no
>> automated script can find it, and no manual scan finds it in reality
> Actually, an automated script or manual scan can find it trivially.
> All you have to do is a quick port scan, looking for this:
[..]
Indeed. And Alexei's point is that no one is looking for that.
> one across the enterprise, so it is only really obscure once. Moving
> port numbers only protects you against idle vandalism; it is useless
> against people who truly wish you harm.
Alexei's point also was that you need additional measures against those
people.
> You really need a firewall, particularly one that can detect a port
> scan and shut off the scanner, for changing ports to have any real
> security. It is kind of like a 4-digit PIN being useless for a bank
> card without the 3-try limit.
Unless you like really, really sore fingers, and don't think a long line
of people waiting behind you at the ATM will attract any attention from
the bank employees.
-- Niels.
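As an added illustration of the "detect a port scan and shut off the scanner" measure discussed in this thread (example code written for this page, not from anyone in the thread): a minimal detector over constructed firewall-style connection log lines. A source that touches more than a handful of distinct destination ports inside a short window is blocked, and its later connections are dropped, so a sweep is cut off before it reaches the non-standard sshd port, while a legitimate client hitting only port 30013 is left alone. The log format, the thresholds and the IP addresses are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic): "<timestamp> <src_ip> <dst_port>".
# 192.0.2.77 sweeps several ports in two seconds; 10.0.0.5 only talks to 30013.
SAMPLE_LOG = """\
2004-01-20T18:40:01 10.0.0.5 30013
2004-01-20T18:40:02 192.0.2.77 22
2004-01-20T18:40:02 192.0.2.77 23
2004-01-20T18:40:02 192.0.2.77 25
2004-01-20T18:40:03 192.0.2.77 80
2004-01-20T18:40:03 192.0.2.77 443
2004-01-20T18:40:03 192.0.2.77 30013
2004-01-20T18:40:40 10.0.0.5 30013
""".splitlines()


def parse_line(line):
    """Split one assumed-format log line into (datetime, src_ip, dst_port)."""
    ts, src, port = line.split()
    return datetime.fromisoformat(ts), src, int(port)


def detect_scanners(lines, max_ports=4, window=timedelta(seconds=10)):
    """Return {src_ip: timestamp_blocked} for every source that contacts more
    than `max_ports` distinct destination ports within `window`.

    Once a source is blocked, its remaining lines are skipped, which models
    the firewall dropping the scanner's traffic from that moment on (the
    3-try lockout from the ATM analogy, applied to ports instead of PINs)."""
    recent = defaultdict(deque)   # src_ip -> deque of (timestamp, port)
    blocked = {}
    for line in lines:
        ts, src, port = parse_line(line)
        if src in blocked:
            continue                # already shut off: traffic is dropped
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window:
            q.popleft()             # forget hits outside the sliding window
        if len({p for _, p in q}) > max_ports:
            blocked[src] = ts
    return blocked


if __name__ == "__main__":
    for src, ts in detect_scanners(SAMPLE_LOG).items():
        print(f"blocked {src} at {ts.isoformat()}")
```

With the sample above the sweeping source is blocked on its fifth distinct port (443), so the following probe of 30013 never reaches the daemon, whereas the repeat client on 30013 is never flagged.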