Gene Lee <[EMAIL PROTECTED]> writes:
>Since source is released for BO2K, modifying things like packet
>characteristics, daemon port, mode of deployment should be trivial, so
>scanning for the like seems futile in the long run.

A couple of thoughts:

Altering the way BO2K works or uses its packets will break
compatibility. The current version of BO is all over the
place, and one of the things script kiddies appear to do
is blanket sweeps for systems that are infected with it.
If you have your own customized version of BO, then you
can talk to machines you've targeted but other script
kiddies won't be able to have fun. It also means that
unique versions of BO will "belong" to an individual,
which might make it easier to track/identify the
perpetrator of an attack.

One big bummer about BO2K is that it can use good crypto.
Which means that folks who develop tools that latch
into the crypto are going to be under export controls.
This is a monumental pain in the butt - it means that the
good guys' hands are tied (as usual) but the bad guys'
aren't (as usual) by the very laws that FBI et al. say
are there to tie the bad guys' hands.

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr