nanog mailing list archives
Re: sniffer/promisc detector
From: "Alexei Roudnev" <alex () relcom net>
Date: Mon, 19 Jan 2004 21:44:02 -0800
i wish you were right. i wish you were even close to right. but we've been attacked many times over the years by some extremely smart adolescent psychopaths -- where adolescence is a state of mind in this case, rather than of years -- and i wish very much that they would either stop being so smart, or stop being so psychotic, or stop being so adolescent.

Hmm. It depends on what an _attack_ is. For example, if I have an old, unpatched sshd daemon (which is easy to hack), but run it at port 30022, how long do I need to expose it on the Internet to be hacked? (Answer - you will never be hacked if you use a nonstandard port, except if you attract someone by name, such as _SSH-DAEMOn.Rich-Bank-Of-America.Com_.) Yes, all mass attacks are done by the dumb hackers. All smart attacks were done only because there was some very attractive purpose for the attack, known _out of band_.

But I mentioned another thing. If (if) you have a real concern about information leakage, attack, etc., do not wait until it happens, but create false information, leak it and track its usage. If you get a scam message _I am paypal. You are expired. Please, send us your credit card and pin code_, do not ignore it - send some numbers _like real_ and track who will try to use them, and how. Etc. etc.

This is a 'honeypot' - to make a picture of the bear, do not roam the whole forest; bring honey, expose it to the bears and wait...

PS. Sniffer... there is not any way to detect a sniffer in a non-switched network, and there is not much use for a sniffer in a switched network, if this network is configured properly and is watched for unusual events.

The real smart ones - professionals - won't attack unless there's a chance of a serious payback. This excludes most businesses, and makes anything but a well-known script-based attack a very remote possibility.

that's just not so. ask me about it in person and i might tell you stories.

For most other people a trivial packet-filtering firewall, lack of Windoze, and a switch instead of a hub will do just fine.

this part, i agree with.
-- Paul Vixie
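
The "create false information, leak it and track its usage" idea from the message above, as an added example that is not part of the original post: each decoy login name is derived per leak channel, so a later appearance in an sshd log shows which planted copy was picked up. The secret, channel names, host name and log lines are all constructed for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # assumption: known only to the defender

def make_token(channel: str) -> str:
    """Derive a decoy login name that is unique to one leak channel."""
    tag = hmac.new(SECRET, channel.encode(), hashlib.sha256).hexdigest()[:10]
    return f"svc-{tag}"

# Hypothetical channels where a decoy account name was deliberately planted.
CHANNELS = ["phish-reply-form", "wiki-page", "backup-share"]
REGISTRY = {make_token(c): c for c in CHANNELS}

# sshd-style password line; timestamp, user and source address are extracted.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?:Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def find_token_use(lines):
    """Return (timestamp, channel, source) for every login that used a decoy."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["user"] in REGISTRY:
            hits.append((m["ts"], REGISTRY[m["user"]], m["src"]))
    return hits

# Constructed sample log (documentation address ranges, made-up host "gw").
SAMPLE_LOG = [
    "Jan 19 21:40:11 gw sshd[811]: Failed password for root from 198.51.100.7 port 40112 ssh2",
    f"Jan 19 21:44:02 gw sshd[812]: Failed password for invalid user {make_token('phish-reply-form')} from 203.0.113.50 port 51514 ssh2",
    "Jan 19 21:45:30 gw sshd[813]: Accepted password for alice from 192.0.2.10 port 60022 ssh2",
    f"Jan 20 03:02:19 gw sshd[901]: Failed password for invalid user {make_token('backup-share')} from 203.0.113.77 port 43210 ssh2",
]

if __name__ == "__main__":
    for ts, channel, src in find_token_use(SAMPLE_LOG):
        print(f"{ts}: decoy leaked via {channel!r} was tried from {src}")
```
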