nanog mailing list archives

calling attention to servers


From: bmanning () vacation karoshi com
Date: Tue, 30 Jan 2001 23:56:06 +0000 (UCT)


  It's a honeypot Chris.... if the goal is to deny intel, don't
  spraypaint it a neon green.  Camo is much nicer... if that is the
  tactic you wish to take.
 
 
 

attack away... it's a bit harder to figure out what it is... and bind's
not exploitable (at least not yet...) so as long as all other things are
'ok' I'm just denying intel to the 'enemy'... besides, tcp queries are
verboten anyway :)

--Chris


On Tue, 30 Jan 2001 bmanning () vacation karoshi com wrote:

 let's see... (from previous discussions on the usefulness of tweaking
 the version)
   
   wearing my blackhat, i have to decide which system is worthy
   of my talents... which one should I pick?

   version "bad-ass-bind";         
   -or-
   version "9.1.0"

 of course I could be running 4.8.1 and simply recompile so it _reports_
 a bogus version but the profile of a 9.1.0 code base is -very- distinct
 from a 4.8.1 code base... esp on replies to queries.

 Pick your targets carefully.



Why not just return some 'bogus' version ??? like this option allows:

version "bad-ass-bind";

:)

--Chris

#######################################################
## UUNET Technologies, Inc.                          ##
## Manager                                           ##
## Customer Router Security Engineering Team         ##
## (W)703-289-8479 (C)703-283-3734                   ##
#######################################################



