nanog mailing list archives

Re: sniffer/promisc detector


From: Vadim Antonov <avg () kotovnik com>
Date: Mon, 19 Jan 2004 03:23:43 -0800 (PST)



Criminal hackers _are_ stupid (like most criminals) for purely economic
reasons: those who are smart can make more money in various legal ways,
like by holding a good job or running their own business.  Hacking into
other people's computers does not pay well (if at all).

Those who aren't in that for money are either psychopaths or adolescents,
pure and simple.  Neither of those is smart.

The real smart ones - professionals - won't attack unless there's a chance
of a serious payback.  This excludes most businesses, and makes anything
but a well-known script-based attack a very remote possibility.

Honeypots are indeed a good technique to catch those attacks, and may be
quite adequate for the probable threat model for most people.  Of course,
if you're doing security for a bank, or a nuclear plant, then you may want
to adjust your expectations of the adversary's motivation and capabilities and
upgrade your defenses accordingly.  But, then, bribing an insider or some
other form of social engineering is going to be more likely than any
direct network-based attack.

For most other people a trivial packet-filtering firewall, lack of
Windoze, and a switch instead of a hub will do just fine.

--vadim


On Sat, 17 Jan 2004 haesu () towardex com wrote:


I think I'll pass this onto zen of Rob T. :)

I think he said something along the lines of "security industry is here for my
amusement" in the last nanog.

So yeah... let's install a bunch of honeypots and hope all those "stupid" "hackers"
will get caught like the mouse.

By the time you think your enemy is less capable than you, you've already lost
the war.

-J

On Sat, Jan 17, 2004 at 02:31:06AM -0800, Alexei Roudnev wrote:

The best anti-sniffer is a HoneyPot (it is a method, not a tool). Create so
much false information (and track its usage) that hackers will be caught
before they do something really wrong.

