nanog mailing list archives

Re: sniffer/promisc detector


From: Ruben van der Leij <ruben-nanog () nutz nl>
Date: Wed, 21 Jan 2004 15:58:14 +0100


+++ Michael.Dillon () radianz com [21/01/04 10:52 +0000]:

Uhm, that would be wrong.  This is simply "security through
obscurity".
Yes, it is wrong for the _smart books_. But it works in real life. 

Actually, an automated script or manual scan can find it trivially.

If security through obscurity was useless then the USAF
would never have developed the stealth bomber.

TINS (There is no Stealth)

Stealth only works because of the limited number of frequencies used by
military radar. Somebody using a (very) different frequency or a broadband
radar would see your F117A just fine.

The same applies for digging yourself into the sand. That works fine in a
sandy desert, but is no practical method for hiding yourself on a rocky
desert or in the snow.

The message is: stealth might work in a limited number of situations.
Trusting in stealth will make you look silly in the end. You hiding in
a clearly visible pile of snow with footsteps leading to it. Or running an
outdated (and exploitable) sshd on port 2222.

Like said before: a scripted attack would trivially find your superstealth
ssh-port. Connect to $port, wait for 'SSH-1.99*' or a timeout, and repeat
for $port++.

If you can use obscurity and camouflage to divert a percentage of the
attacks against you 

Somebody who isn't smart enough to do 'nmap -p 0-65535 $target' isn't worth
diverting. The 'security' gained with that is negligible. 'Camouflage' on the
big bad internet is mainly a game of fooling yourself into feeling secure.
The newest feature in H4x0rSh13ld Pr0 2003 SE, for the masses. I wouldn't waste
time on matters too trivial to have any measurable effect.

But. Just opinions. Mine, that is.

-- 

Ruben van der Leij
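
Seen from the defender's side, the port-by-port probing described in the message above appears in connection logs as one source touching many distinct ports in a short time. The following is an added example, not part of the original post: it flags such sources and reports which of them reached a relocated sshd port. The log format, addresses, port 2222 as the watched port, and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "ISO-timestamp source-ip destination-port" per inbound SYN.
SAMPLE_LOG = """\
2004-01-21T15:00:00 192.0.2.10 2218
2004-01-21T15:00:01 192.0.2.10 2219
2004-01-21T15:00:02 192.0.2.10 2220
2004-01-21T15:00:03 192.0.2.10 2221
2004-01-21T15:00:04 192.0.2.10 2222
2004-01-21T15:00:30 198.51.100.7 2222
2004-01-21T15:05:00 198.51.100.7 2222
2004-01-21T15:09:00 203.0.113.5 80
2004-01-21T15:09:01 203.0.113.5 443
"""

def parse(log):
    """Yield (timestamp, source, port) from each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, port = line.split()
            yield datetime.fromisoformat(ts), src, int(port)

def find_sweeps(log, min_ports=4, window=timedelta(seconds=60)):
    """Return {source: all ports it touched} for every source that hit at
    least min_ports distinct ports inside one sliding time window."""
    by_src = defaultdict(list)
    for ts, src, port in parse(log):
        by_src[src].append((ts, port))
    sweeps = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                sweeps[src] = sorted({p for _, p in events})
                break
    return sweeps

def reached(sweeps, port):
    """Sweeping sources whose probes included `port` (the moved sshd here)."""
    return sorted(src for src, ports in sweeps.items() if port in ports)

if __name__ == "__main__":
    found = find_sweeps(SAMPLE_LOG)
    print(found, reached(found, 2222))
```

The repeat visitor to port 2222 alone is not flagged, while the sequential prober is, and its sweep includes the relocated port.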

