nanog mailing list archives
calling attention to servers
From: bmanning () vacation karoshi com
Date: Tue, 30 Jan 2001 23:56:06 +0000 (UCT)
Its a honeypot Chris.... if the goal is to deny intel, don't spraypaint it a neon green. Camo is much nicer... if that is the tactic you wish to take.
attack away... it's a bit harder to figure out what it is... and bind's not exploitable (at least not yet...) so as long as all other things are 'ok' I'm just denying intel to the 'enemy'... besides, tcp queries are verboten anyway :) --Chris On Tue, 30 Jan 2001 bmanning () vacation karoshi com wrote:lets see... (from previous discussions on the usefullness of tweeking the version) wearing my blackhat, i have to decide which system is worthty of my talents... which one should I pick? version "bad-ass-bind"; -or- version "9.1.0" of course I could be running 4.8.1 and simply recompile so it _reports_ a bogus version but the profile of a 9.1.0 code base is -very- distinct from a 4.8.1 code base... esp on replies to queries. Pick your targets carefully.Why not jus return some 'bogus' version ??? like this option allows: version "bad-ass-bind"; :)--Chris ####################################################### ## UUNET Technologies, Inc. ## ## Manager ## ## Customer Router Security Engineering Team ## ## (W)703-289-8479 (C)703-283-3734 ## #######################################################
Current thread:
- calling attention to servers bmanning (Feb 24)
- Re: calling attention to servers Paul Vixie (Feb 24)
- <Possible follow-ups>
- RE: calling attention to servers Roeland Meyer (Feb 24)