Honeypots mailing list archives

Re: Net Bios script for honeyd


From: Valdis.Kletnieks () vt edu
Date: Mon, 17 May 2004 12:20:25 -0400

On Mon, 17 May 2004 17:31:28 +0200, Sumit Siddharth <Sumit.Siddharth () eurecom fr>  said:
> Since the ports 139, 137 and 445 are most commonly targeted by the
> hackers I don't understand why we don't have any support (script) for
> these ports on honeyd. Instead of closing these ports it will be really
> good to have some script running on them so that we can get more
> information about the hacker/attack tool.

Most likely, none of the programmers involved wanted to go anywhere near that
can of worms.... ;)

The problem is that it's fiendishly difficult to actually emulate the SMB/CIFS
protocol well enough to be useful while staying legal regarding
reverse-engineering (See the Samba project for an example).  The other choice
is to just emulate it enough for the "well-known" exploits to "work" - and a
quick perusal of the vast number of Nessus plug-ins for those ports will
explain why nobody wants to go THAT route....
