nanog mailing list archives
Re: sniffer/promisc detector
From: Michael.Dillon () radianz com
Date: Fri, 23 Jan 2004 11:05:19 +0000
Mine too. So nmap sucks if you want to quickly identify daemons running on strange ports. No big deal. This discussion wasn't about nmap to start with.
The point of the discussion was whether it made sense to run services on non-standard ports to deter cr4x0rs. And I feel it doesn't.
Actually, the point of the discussion was whether security through obscurity (A.K.A. camouflage techniques) is a legitimate tool in the security arsenal.
As long as a sshd yells "SSH-1.99" at you the moment you connect to its port there's no hiding sshd.
Like I said, ... camouflage ... It doesn't stop with port numbers. And if you do camouflage the real SSH and run a honeypot on port 22 that looks like SSH, where do you think the haxors will put their attention first?
A well-tuned iptables or equivalent, on the other hand, might hide the presence of daemons completely for anyone except the designated users. How is that for obscurity?
Great idea. The whole point of camouflage and obscurity techniques is to confuse observers/attackers and this fits the bill. I agree that security through obscurity should always be backed up with real hardening where possible, but I also believe that multiple techniques working in synergy is best.
--Michael Dillon