nanog mailing list archives
Re: sniffer/promisc detector
From: Vadim Antonov <avg () kotovnik com>
Date: Mon, 19 Jan 2004 03:23:43 -0800 (PST)
Criminal hackers _are_ stupid (like most criminals) for purely economical reasons: those who are smart can make more money in various legal ways, like by holding a good job or running their own business. Hacking into other people's computers does not pay well (if at all). Those who aren't in that for money are either psychopaths or adolescents, pure and simple. Neither of those are smart.

The real smart ones - professionals - won't attack unless there's a chance of a serious payback. This excludes most businesses, and makes anything but a well-known script-based attack a very remote possibility.

Honeypots are indeed a good technique to catch those attacks, and may be quite adequate for the probable threat model for most people.

Of course, if you're doing security for a bank, or a nuclear plant, then you may want to adjust your expectations of adversary's motivation and capabilities and upgrade your defenses accordingly. But, then, bribing an insider or some other form of social engineering is going to be more likely than any direct network-based attack.

For most other people a trivial packet-filtering firewall, lack of Windoze, and a switch instead of a hub will do just fine.

--vadim

On Sat, 17 Jan 2004 haesu () towardex com wrote:

I think I'll pass this onto zen of Rob T. :) I think he said something along the lines of "security industry is here for my amusement" in the last nanog.

so yea.. let's install a bunch of honeypots and hope all those "stupid" "hackers" will get caught like the mouse.

by the time you think your enemy is less capable than you, you've already lost the war.

-J

On Sat, Jan 17, 2004 at 02:31:06AM -0800, Alexei Roudnev wrote:

The best anti-sniffer is HoneyPot (it is a method, not a tool). Create so much false information (and track its usage) that hackers will be caught before they do something really wrong.