Re: An open question for Snort and Project Honeynet

["Matsu Kandagawa" <matsu () mailvault com>]

-----BEGIN PGP SIGNED MESSAGE-----

Sorry, I must have missed it: where are the answers to my questions
about the "off-by-one's, integer overflows, and logic bugs" m1lton
alluded to? Where did anyone explain away why Sneeze won't work and why
the idea that Sebek, Honeyd and VMWare are egregiously detectable by
anyone who's ever  worked with them is something I just pulled out of my
head?

Here's one I know nobody's answered: why hasn't Project Honeynet
attracted and deceived a single blackhat with the kind of skills worth
worrying about? 

How much more money do you think you can get out of the government
before somebody makes you answer that one?

I'm not trying to disrupt the list at all. I just think it's a shame
that #Phrack (and yes, I realize it wasnt the "real" Phrack)is doing the
kind of rigorous red-teaming you all you grantees ought to be doing if
only you were intellectually honest enough to get past your fear of your
substandard research products losing funding. 

All I'll say is this: contrary to popular belief, you people aren't the
only game in town when it comes to inventing deception technologies
applicable to CND. Not everyone doing this kind of work finds it
necessary to whore themselves out to the media and give away the store
in a vain atttempt to impress their would-be friends in the "hacking
community". If you haven't heard of me, there'll be a reason.

If you insist on continuing to stick your head in the sand when people
discover flaws in your tools, one of these days you're all going to wake
up to find all your government grants have dried up and gone to the
researchers who aren't afraid to admit that when something doesn't work,
it doesn't work, and get on with fixing it. And I'll be right there,
enjoying every minute of it.

Hint: you really ought to realize you're not pulling the wool over your
sponsors' eyes, you're being tolerated. The way they've always tolerated
scum to get what they want out of them. You remind me of the little lab
rats in the box who brag "I've got these suckers all figured out: all I
need to do is press this lever and they give me a food pellet".

For the record, I dislike you not because of anything the PHC said or
didn't say, I dislike you because you are frauds.

Matsu.



On 23-Sep-2003 20:47:17 -0400, you wrote:
> Matsu Kandagawa wrote:
> > Matsu.
> > "who must be just some zit-faced chink PHC kid posting trolls from
his
> > mother's basement".
>
> Seems the most likely case, doesn't it?  A name that sounds like it
might 
> be real, but Google has never heard of it, nor the email address. 
Sent 
> from a free, anonymizing email service that blocks the sender's IP,
like 
> hush.com.  Asks questions that have already clearly been answered,
overtly 
> attacks the same groups the PHC seem to dislike.
>
> I must say, it's a much better worded troll than we usually get, but
still.
> > (I have no interest in addressing your ad-hominem attacks, so I
just
> > thought I'd say it for you and get that out of the way.)
>
> Great.  Then since I've done exactly that, we won't have to hear back
from 
> you, unless your purpose is to troll and just drag the conversation
out in 
> an attempt to disrupt the list.
>
>                                               BB

-----BEGIN PGP SIGNATURE-----
Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com

iQA/AwUAP3HwjWM5xTGTuR0REQKjzwCffajCv2yFqOOuHx0K1DW3aV8d1vAAoNTW
NMhenrGM71oYE5d59R3FqnPW
=svBU
-----END PGP SIGNATURE-----