Honeypots mailing list archives
Re: Net Bios script for noneyd
From: Valdis.Kletnieks () vt edu
Date: Mon, 17 May 2004 12:20:25 -0400
On Mon, 17 May 2004 17:31:28 +0200, Sumit Siddharth <Sumit.Siddharth () eurecom fr> said:
> Since the ports 139, 137 and 445 are most commonly targeted by the hackers, I don't understand why we don't have any support (script) for these ports on honeyd. Instead of closing these ports it will be really good to have some script running on them so that we can get more information about the hacker/attack tool.
Most likely, none of the programmers involved wanted to go anywhere near that can of worms.... ;) The problem is that it's fiendishly difficult to actually emulate the SMB/CIFS protocol well enough to be useful while staying legal regarding reverse-engineering (See the Samba project for an example). The other choice is to just emulate it enough for the "well-known" exploits to "work" - and a quick perusal of the vast number of Nessus plug-ins for those ports will explain why nobody wants to go THAT route....