Full Disclosure mailing list archives
An open question for Snort and Project Honeynet
From: "Matsu Kandagawa" <matsu () mailvault com>
Date: Tue, 23 Sep 2003 18:23:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----

Thanks to Roesch's magnificent sentence-parsing spin job yesterday, like the rest of you, I'm quite sure that, quote, "there is no trojan in Snort". But unless I grossly misread the statements from Phrack, the central issue at hand was the introduction of deliberate weaknesses, not trojans. Do any of you have anything to say about that? When you say "look for yourself" surely you don't mean to claim that Average Joe Admin has the requisite skillset and detailed knowledge necessary to spot something potentially that subtle?

And would anyone care to address the "off-by-one's, integer overflows, and logic bugs" m1lt0n alluded to in his or her article about Snort? How do you intend to counter the effects of Sneeze? Any comments on the Sebek piece? How confident are you in people who are doing your code review, anyway?

I honestly hope the PHC does the same to every last one of the components of Project Honeynet: Honeyd, VMWare, the works. Whether you choose to admit it or not, the latest releases from Phrack do more to further the improvement of these technologies than the vast majority of researchers who are scared stiff at the prospect of losing funding. You complain now and tisk-tisk about the PHC's "juvenile" approach and tell yourselves it's all social engineering, but why not ask yourself where you'd be if they chose to sit on the papers they released yesterday instead? Ignoring people because you find them distasteful doesn't make the problem go away.

Hot tip for the initiated: With this bounteous cornucopia of unintended assistance from Phrack, it's better than even money that Major Martin and friends are likely to start asking some serious questions about all the money they've been pouring into substandard and intellectually dishonest research products. And don't think they don't know about who you've been corresponding with and trying to impress with your work, either. You aren't as slick as you think you are.

If these recent embarrassments don't result in SIGNIFICANT improvements in Snort and a top-to-bottom review of honeynet design, I strongly suspect there's going to be some serious consequences. Just a wee hunch. I swear to God if I had a hundred thousand dollars in unmarked bills right now, I'd hand it over to the Phrack men this very minute with a heartfelt "thank you".

In sum, "Everybody relax"-- the eternal refrain of the con artist-- might be good enough for people likely to be swayed by such assurances (or those who prefer to stick their heads in the sand to avoid unpleasant truths) but unfortunately for you, some of the people you've been working with demand a hell of a lot more.

By the way, your explanation of how your machines were owned was one of the most disgraceful cop-outs I've seen in a long, long time.

Evolve or die,

Matsu. "who must be just some zit-faced chink PHC kid posting trolls from his mother's basement". (I have no interest in addressing your ad-hominem attacks, so I just thought I'd say it for you and get that out of the way.)

-----BEGIN PGP SIGNATURE-----
Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com

iQA/AwUAP3DHf2M5xTGTuR0REQKFvACeK1INlkC0a+y/nn2u5d1gfX99RL8An2L/
QR6ZTONuJk0p8Lc2x4KEa5pl
=GNIL
-----END PGP SIGNATURE-----