Security Incidents mailing list archives
Re: Annoy Those Sub7 Scanners.
From: H Carvey <keydet89 () YAHOO COM>
Date: Sun, 27 Aug 2000 08:09:08 -0700
What we need are more trojans like fakebo.
I wouldn't recommend any of the programs that open a port, such as NukeNabber, FakeBO, or even a deception toolkit.

What I've done is installed Win32-snort on my NT system. About once a week or so, I'll run a script that will pull all of the snort alerts out of my EventLog, and parse out the source IP addresses of the various scans...mostly NetBIOS name queries, but often Sub7 and the like. Once that is done, the script can run nmapNT against the system to ID open ports, fingerprint the OS, etc. Powerful tools like Perl allow all sorts of flexibility with what you can do.

Now, I don't advocate a full-out StrikeBack capability, a la Winn Schwartau, but I have found that some of the scans have come from folks w/ Win95 machines with fully-shared C:\ drives.

Carv
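The alert-triage step described in the message above, sketched as an added example; it is not part of the original post and is not the poster's script. It assumes alerts have already been exported as one-line text of the form `message {PROTO} src[:port] -> dst[:port]`; the sample lines, the `local_net` value and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed one-line alert layout: "<message> {PROTO} src[:port] -> dst[:port]"
FLOW = re.compile(
    r"(?P<msg>.*?)\s*(?:\{(?P<proto>\w+)\}\s*)?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?"
)

# Constructed sample alerts (documentation address ranges, not real hosts).
SAMPLE_ALERTS = [
    "[**] Sub7 probe [**] {TCP} 203.0.113.7:1046 -> 192.0.2.10:27374",
    "[**] NetBIOS name query [**] {UDP} 198.51.100.23:137 -> 192.0.2.10:137",
    "[**] NetBIOS name query [**] {UDP} 198.51.100.23:137 -> 192.0.2.10:137",
    "[**] ICMP ping [**] {ICMP} 203.0.113.7 -> 192.0.2.10",
    "[**] outbound test [**] {TCP} 192.0.2.10:1030 -> 203.0.113.99:80",
    "service started, no flow here",
    "[**] malformed [**] {TCP} 999.1.1.1:1 -> 192.0.2.10:80",
]


def summarize(lines, local_net="192.0.2.0/24"):
    """Group alerts by external source IP; return (report, skipped_count)."""
    local = ipaddress.ip_network(local_net)
    report = defaultdict(lambda: {"alerts": 0, "messages": set(), "dports": set()})
    skipped = 0
    for line in lines:
        m = FLOW.match(line)
        try:
            src = ipaddress.ip_address(m["src"]) if m else None
        except ValueError:          # looks like an IP but is not a valid one
            src = None
        if src is None or src in local:   # unparsable, or our own traffic
            skipped += 1
            continue
        entry = report[str(src)]
        entry["alerts"] += 1
        entry["messages"].add(m["msg"].replace("[**]", "").strip())
        if m["dport"]:              # ICMP alerts carry no port
            entry["dports"].add(int(m["dport"]))
    return dict(report), skipped


if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_ALERTS)
    for ip, e in sorted(report.items(), key=lambda kv: (-kv[1]["alerts"], kv[0])):
        print(ip, e["alerts"], sorted(e["messages"]), sorted(e["dports"]))
    print("skipped:", skipped)
```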