Security Incidents mailing list archives

Re: Annoy Those Sub7 Scanners.


From: Chris Keladis <Chris.Keladis () CMC CWO NET AU>
Date: Sun, 27 Aug 2000 19:33:13 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

True, but if you want to be rather clever about it, you could write an app
to respond with chargen only when the source port is a certain value.

You could possibly pick up on other characteristics of Sub7 to narrow it down.

Agreed, it won't stop the bounce attack you talk of, but at least you could
reach your intended audience, with some degree of "stealthness" :)

Actually, thinking about it, you could probably write your own chargen
which spits out x amount of entropy and stops, hopefully enough to kill
Sub7, but prevent flooding.

Sounds like a fun weekend project in perl or C :)



Regards,

Chris.

At 04:42 PM 8/27/00 +0200, Rune Kristian Viken wrote:

On Sat, 26 Aug 2000, you wrote:

It appears that when Sub7 scans a port that chargen is sitting on,
it can't handle it, and crashes. A three-finger-salute is needed to
regain any use of Windows.

Uh.  There really are pros and cons of setting up chargen.. It acts as an
extreme traffic amplifier.. so .. I really don't think it's a good idea to set
up chargens ;)

--
"Rune Kristian Viken" <arcade () kvinesdal com> / arcade@irc (EFnet/IRCnet)
Kvinesdalsnett System Administrator (http://arcade.kvinesdal.com/)

Chris Keladis

System/Security Administrator
Custom Management Centre
Cable & Wireless Optus.

Phone: (02) 9775-5312
Mobile: (0402) 067-375
E-Mail: Chris.Keladis () cmc cwo net au



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOap4KCEx0akmf5vwEQIFzwCfTbBx+X0n3/flzIo+NR3ewSm+KKAAoMry
0s6GPKH1MX3MIN9ub9swCdT6
=h/fb
-----END PGP SIGNATURE-----

