sniffer/promisc detector
Ruben van der Leij
ruben-nanog at nutz.nl
Wed Jan 21 14:58:14 UTC 2004
+++ Michael.Dillon at radianz.com [21/01/04 10:52 +0000]:
> >> > Uhm, that would be wrong. This is simply "security through
> >> > obscurity".
> >> Yes, it is wrong for the _smart books_. But it works in real life.
> >Actually, an automated script or manual scan can find it trivially.
> If security through obscurity was useless then the USAF
> would never have developed the stealth bomber.
TINS (There is no Stealth)
Stealth only works because of the limited number of frequencies used by
military radar. Somebody using a (very) different frequency or a broadband
radar would see your F117A just fine.
The same applies for digging yourself into the sand. That works fine in a
sandy desert, but is no practical method for hiding yourself on a rocky
desert or in the snow.
The message is: stealth might work in a limited number of situations.
Trusting in stealth will make you look silly in the end. You hiding in
a clearly visible pile of snow with footsteps leading to it. Or running an
outdated (and exploitable) sshd on port 2222.
Like said before: a scripted attack would trivially find your superstealth
ssh-port. Connect to $port, wait for 'SSH-1.99*' or a timeout, and repeat
for $port++.
> If you can use obscurity and camouflage to divert a percentage of the
> attacks against you
Somebody who isn't smart enough to do 'nmap -p 0-65535 $target' isn't worth
diverting. The 'security' gained with that is negligible. 'Camouflage' on the
big bad internet is mainly a game of fooling yourself into feeling secure.
The newest feature in H4x0rSh13ld Pr0 2003 SE, for the masses. I wouldn't waste
time on matters too trivial to have any measurable effect.
But. Just opinions. Mine, that is.
--
Ruben van der Leij
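
An added example, not part of the original message: a self-audit of banners collected from your own host's listeners, showing that the SSH identification string (RFC 4253, section 4.2) names the service whatever port it sits on, and that a protoversion such as the 'SSH-1.99' mentioned above also flags a daemon that still accepts SSH-1 clients. The inventory, the software names and the function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments] CR LF
# softwareversion is printable US-ASCII without whitespace or '-'.
IDENT = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>[!-,.-~]+)(?: .*)?$")

def parse_ident(banner):
    """Return (protoversion, softwareversion), or None if the banner is not SSH.

    A server may send other lines before its identification string,
    so every line is checked, not just the first one.
    """
    for line in banner.splitlines():
        if line.startswith("SSH-"):
            if len(line) > 253:  # limit is 255 bytes including CR LF
                return None
            m = IDENT.match(line)
            return (m["proto"], m["software"]) if m else None
    return None

def audit(listeners, expected_port=22):
    """listeners maps port -> banner text read from your own host."""
    findings = []
    for port, banner in sorted(listeners.items()):
        ident = parse_ident(banner)
        if ident is None:
            continue
        proto, software = ident
        notes = []
        if port != expected_port:
            notes.append("moved off the standard port, still named by its banner")
        if proto != "2.0":  # 1.99 = SSH-2 plus SSH-1 compatibility; 1.x = SSH-1 only
            notes.append("accepts SSH-1 clients; patch or disable before anything else")
        findings.append((port, proto, software, notes))
    return findings

# Constructed sample inventory (not real hosts or real software versions).
SAMPLE = {
    25: "220 mail.example.net ESMTP\r\n",
    2222: "SSH-1.99-Exampled_1.2\r\n",
    8022: "Authorized use only\r\nSSH-2.0-Exampled_9.6 build7\r\n",
}

if __name__ == "__main__":
    for port, proto, software, notes in audit(SAMPLE):
        print(port, proto, software, "; ".join(notes))
```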