nanog mailing list archives
Re: sniffer/promisc detector
From: Valdis.Kletnieks () vt edu
Date: Tue, 20 Jan 2004 01:52:17 -0500
On Mon, 19 Jan 2004 23:26:30 MST, Brett Watson <brett () the-watsons org> said:
hacked? (Answer - you will never be hacked, if you use nonstandard port, except if you attracks someone by name, such as _SSH-DAEMOn.Rich-Bank-Of-America.Com_.
Go grab nessus (www.nessus.org), modify the code a bit, and I guarantee you that your ssh daemon running on a non-standard port can still be found, identified, and exploited. Trivial.
Alexei's point is that *yes*, things like Nessus *will* find a relocated SSH - but that if you're getting Nessus scanned, somebody has painted a bullseye target on YOUR site, not "any site vulnerable to <exploit du jour>". The people looking for "any vulnerable site" will just go SSH-scanning on port 22 and be done with it, since it's simply NOT PRODUCTIVE to do an exhaustive test of each machine. One probe at port 22 will probably go under the radar, scanning all 65K ports is sure to peeve somebody off....
Attachment:
_bin
Description:
Current thread:
- RE: sniffer/promisc detector, (continued)
- RE: sniffer/promisc detector Wojtek Zlobicki (Jan 16)
- Re: sniffer/promisc detector Rubens Kuhl Jr. (Jan 16)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 17)
- Re: sniffer/promisc detector haesu (Jan 17)
- Re: sniffer/promisc detector Valdis . Kletnieks (Jan 17)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 17)
- Re: sniffer/promisc detector Vadim Antonov (Jan 19)
- Re: sniffer/promisc detector Paul Vixie (Jan 19)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 19)
- Re: sniffer/promisc detector Brett Watson (Jan 19)
- Re: sniffer/promisc detector Valdis . Kletnieks (Jan 19)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 20)
- Re: sniffer/promisc detector Dave Israel (Jan 20)
- Re: sniffer/promisc detector Niels Bakker (Jan 20)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 21)
- Re: sniffer/promisc detector Steven M. Bellovin (Jan 20)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 17)
- Re: sniffer/promisc detector haesu (Jan 20)
- RE: sniffer/promisc detector Henry Linneweh (Jan 20)