sniffer/promisc detector

Michael.Dillon at radianz.com Michael.Dillon at radianz.com
Fri Jan 23 11:05:19 UTC 2004


>Mine too. So nmap sucks if you want to quickly identify daemons running on
>strange ports. No big deal. This discussion wasn't about nmap to start with.
>The point of the discussion was whether it made sense to run services on
>non-standard ports to deter cr4x0rs. And I feel it doesn't.

Actually, the point of the discussion was whether security 
through obscurity (A.K.A. camouflage techniques) is a legitimate
tool in the security arsenal.

>As long as a sshd yells "SSH-1.99" at you the moment you connect to its
>port there's no hiding sshd.

Like I said, ... camouflage ...
It doesn't stop with port numbers. And if you do camouflage the real
SSH and run a honeypot on port 22 that looks like SSH, where do you
think the haxors will put their attention first? 

>A well-tuned iptables or equivalent, on the other hand, might hide the
>presence of daemons completely for anyone except the designated users. How
>is that for obscurity?

Great idea. The whole point of camouflage and obscurity techniques
is to confuse observers/attackers and this fits the bill. 

I agree that security through obscurity should always be backed up
with real hardening where possible, but I also believe that multiple
techniques working in synergy are best.

--Michael Dillon
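The iptables approach quoted above (sshd reachable only by designated users, invisible to everyone else) as an added example that is not part of the original post; the source networks and port are constructed placeholders, and the script prints the rules rather than applying them:

```shell
#!/bin/sh
# Added example (not from the original post): an iptables policy that
# exposes sshd only to designated source networks and silently drops all
# other SYNs, so an unauthenticated scanner never completes the handshake
# and never sees the "SSH-1.99" banner. Addresses are constructed placeholders.

ADMIN_NETS="192.0.2.0/24 198.51.100.7/32"   # constructed: the designated users
SSH_PORT=22

# Emit the rules instead of applying them; review, then pipe into `sh` as
# root on the target host (iptables -A requires root).
ssh_firewall_rules() {
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $ADMIN_NETS; do
        echo "iptables -A INPUT -p tcp -s $net --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT"
    done
    # DROP rather than REJECT: no RST or ICMP reply, so the port reads as
    # filtered instead of closed and reveals nothing about the daemon behind it.
    echo "iptables -A INPUT -p tcp --dport $SSH_PORT -j DROP"
}

# Number of ACCEPT rules granting access to the SSH port (one per designated net)
count_ssh_accepts() {
    ssh_firewall_rules | grep -c -- "--dport $SSH_PORT .*-j ACCEPT"
}

ssh_firewall_rules
```

The rule set only narrows who can reach the port; the hardening Dillon mentions (key-only auth, current sshd) still applies to the designated networks that do get through.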





More information about the NANOG mailing list