Re: sniffer/promisc detector

2004-01-23 Thread Andrew Simmons
Ruben van der Leij wrote: +++ Alexei Roudnev [22/01/04 09:05 -0800]: My results vary from 15 minutes to 1 hour. Mine too. So nmap sucks if you want to quickly identify daemons running on strange ports. No big deal. This discussion wasn't about nmap to start with. Point of interest: Dan Kamin

Re: sniffer/promisc detector

2004-01-23 Thread Michael . Dillon
>Mine too. So nmap sucks if you want to quickly identify daemons running on >strange ports. No big deal. This discussion wasn't about nmap to start with. >The point of the discussion was whether it made sense to run services on >non-standard ports to deter cr4x0rs. And I feel it doesn't. Actuall

Re: sniffer/promisc detector

2004-01-22 Thread Alexei Roudnev
> > > My results vary from 15 minutes to 1 hour. > > Mine too. So nmap sucks if you want to quickly identify daemons running on > strange ports. No big deal. This discussion wasn't about nmap to start with. > The point of the discussion was whether it made sense to run services on > non-standard por

Re: sniffer/promisc detector

2004-01-22 Thread Ruben van der Leij
+++ Jason Slagle [22/01/04 19:13 -0500]: > > The point of the discussion was whether it made sense to run services on > > non-standard ports to deter cr4x0rs. And I feel it doesn't. > I've sat here and watched this discussion and kept my thoughts to myself > because I'm thinking "Maybe I'm missin

Re: sniffer/promisc detector

2004-01-22 Thread Jason Slagle
> Mine too. So nmap sucks if you want to quickly identify daemons running on > strange ports. No big deal. This discussion wasn't about nmap to start with. > The point of the discussion was whether it made sense to run services on > non-standard ports to deter cr4x0rs. And I feel it doesn't. I've

Re: sniffer/promisc detector

2004-01-22 Thread Ruben van der Leij
+++ Alexei Roudnev [22/01/04 09:05 -0800]: > My results vary from 15 minutes to 1 hour. Mine too. So nmap sucks if you want to quickly identify daemons running on strange ports. No big deal. This discussion wasn't about nmap to start with. The point of the discussion was whether it made sense to r

Re: sniffer/promisc detector

2004-01-22 Thread Alexei Roudnev
My results vary from 15 minutes to 1 hour.

Re: sniffer/promisc detector

2004-01-22 Thread Alexei Roudnev
n der Leij" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, January 22, 2004 1:12 AM Subject: Re: sniffer/promisc detector > > On Wed, Jan 21, 2004 at 09:04:40AM -0800, Alexei Roudnev wrote: > > > > Please, do it: > > > > time nmap -p 0-65535

Re: sniffer/promisc detector

2004-01-22 Thread Fyodor
On Wed, Jan 21, 2004 at 09:04:40AM -0800, Alexei Roudnev wrote: > > Please, do it: > > time nmap -p 0-65535 $target > > You will be surprised (and nmap will not report applications; to test a > response, multiply time at 5 ). And you will have approx. 40% of packets > lost. > > Practically, nm

Re: sniffer/promisc detector

2004-01-22 Thread Alexei Roudnev
> > Yes. But making a bomber "stealth" means designing it to be difficult > to detect by an opponent. It doesn't mean painting "I am Not a > Bomber, I Am The Ice Cream Man" on the side and hoping nobody takes a > second glance at it. This works as well. 6 years ago we set up faked telnet service

Re: sniffer/promisc detector

2004-01-22 Thread Alexei Roudnev
Roudnev" <[EMAIL PROTECTED]> Cc: "Ruben van der Leij" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, January 21, 2004 11:26 AM Subject: Re: sniffer/promisc detector > Alexei Roudnev wrote: > > > > Please, do it: > > > >

Re: sniffer/promisc detector

2004-01-21 Thread Ruben van der Leij
+++ [EMAIL PROTECTED] [21/01/04 11:40 -0500]: > > Somebody who isn't smart enough to do 'nmap -p 0-65535 $target' isn't worth > > diverting. > I'm sure everybody who got whacked by Lion or CodeRed or Blaster or are > glad to hear those attacks weren't worth diverting. I'm sure moving www.mi

Re: sniffer/promisc detector

2004-01-21 Thread Dave Israel
Clipped for brevity... On 1/21/2004 at 10:52:00 +, [EMAIL PROTECTED] said: > > >> > Uhm, that would be wrong. This is simply "security through > obscurity". > >> Yes, it is wrong for the _smart books_. But it works in real life. > > >Actually, an automated script or manual scan can find

Re: sniffer/promisc detector

2004-01-21 Thread Crist Clark
Alexei Roudnev wrote: > > Please, do it: > > time nmap -p 0-65535 $target > > You will be surprised (and nmap will not report applications; to test a > response, multiply time at 5 ). Yes. It will, http://www.insecure.org/nmap/versionscan.html -- Crist J. Clark

Re: sniffer/promisc detector

2004-01-21 Thread Alexei Roudnev
Please, do it: time nmap -p 0-65535 $target You will be surprised (and nmap will not report applications; to test a response, multiply time at 5 ). And you will have approx. 40% of packets lost. Practically, nmap is useless for this purpose. > > Somebody who isn't smart enough to do 'nmap -p 0

Re: sniffer/promisc detector

2004-01-21 Thread Valdis . Kletnieks
On Wed, 21 Jan 2004 15:58:14 +0100, Ruben van der Leij <[EMAIL PROTECTED]> said: > Somebody who isn't smart enough to do 'nmap -p 0-65535 $target' isn't worth > diverting. I'm sure everybody who got whacked by Lion or CodeRed or Blaster or are glad to hear those attacks weren't worth diverti

Re: sniffer/promisc detector

2004-01-21 Thread Ruben van der Leij
+++ [EMAIL PROTECTED] [21/01/04 10:52 +]: > >> > Uhm, that would be wrong. This is simply "security through > >> > obscurity". > >> Yes, it is wrong for the _smart books_. But it works in real life. > >Actually, an automated script or manual scan can find it trivially. > If security throu

Re: sniffer/promisc detector

2004-01-21 Thread Michael . Dillon
>> > Uhm, that would be wrong. This is simply "security through obscurity". >> Yes, it is wrong for the _smart books_. But it works in real life. >Actually, an automated script or manual scan can find it trivially. If security through obscurity was useless then the USAF would never have devel

Re: sniffer/promisc detector

2004-01-21 Thread Alexei Roudnev
> > > > (I did not rated firewalls etc). > > Actually, an automated script or manual scan can find it trivially. > All you have to do is a quick port scan, looking for this: We can make an experiment: - I put such system (with ssh) on /26 network; - you scan it, find and report me time and bandwid

Re: sniffer/promisc detector

2004-01-20 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Alexei Roudnev" writes: > > >> >> Uhm, that would be wrong. This is simply "security through obscurity". >Yes, it is wrong for the _smart books_. But it works in real life. Of >course, it should not be the last line of defense; but it works as a first >line very e

Re: sniffer/promisc detector

2004-01-20 Thread Niels Bakker
* [EMAIL PROTECTED] (Dave Israel) [Tue 20 Jan 2004, 18:48 CET]: > On 1/20/2004 at 09:18:07 -0800, Alexei Roudnev said: [..] >> - unpatched sshd on port 30013 - safety is 7 (higher) because no one >> automated script can find it, and no one manual scan find it in reality > Actually, an automated sc

Re: sniffer/promisc detector

2004-01-20 Thread haesu
> PS. Sniffer... there are not any way to detect sniffer in the non-switched > network, and there is not much use for sniffer in switched network, if this > network is configured properly and is watched for the unusual events. depends on brand and model of switch $ portinstall ds

RE: sniffer/promisc detector

2004-01-20 Thread Henry Linneweh
Remote power on :P -Henry Michel Py <[EMAIL PROTECTED]> wrote: > Alexei Roudnev wrote: > - turn off power - safety is 10. Secure > system, is a dark system. I have to disagree on this one; there is WOL (Wake-up On Lan), the system can be lit remotely. - turn off power - safety is 9 - Unplug all cords -

Re: sniffer/promisc detector

2004-01-20 Thread Dave Israel
On 1/20/2004 at 09:18:07 -0800, Alexei Roudnev said: > > > > > > Uhm, that would be wrong. This is simply "security through obscurity". > Yes, it is wrong for the _smart books_. But it works in real life. Of > course, it should not be the last line of defense; but it works as a first > line ve

RE: sniffer/promisc detector

2004-01-20 Thread Michel Py
> Alexei Roudnev wrote: > - turn off power - safety is 10. Secure > system, is a dark system. I have to disagree on this one; there is WOL (Wake-up On Lan), the system can be lit remotely. - turn off power - safety is 9 - Unplug all cords - safety is 10 Michel.

Re: sniffer/promisc detector

2004-01-20 Thread Alexei Roudnev
> > Uhm, that would be wrong. This is simply "security through obscurity". Yes, it is wrong for the _smart books_. But it works in real life. Of course, it should not be the last line of defense; but it works as a first line very effectively. If I rate safety as a number (10 is the best, 0 is t

Re: sniffer/promisc detector

2004-01-19 Thread Valdis . Kletnieks
On Mon, 19 Jan 2004 23:26:30 MST, Brett Watson <[EMAIL PROTECTED]> said: > > hacked? (Answer - you will never be hacked, if > > you use nonstandard port, except if you attract someone by name, such as > > _SSH-DAEMOn.Rich-Bank-Of-America.Com_. > Go grab nessus (www.nessus.org), modify the code

Re: sniffer/promisc detector

2004-01-19 Thread Brett Watson
>> i wish you were right. i wish you were even close to right. but we've > been >> attacked many times over the years by some extremely smart adolescent >> psychopaths -- where adolescence is a state of mind in this case, rather >> than of years -- and i wish very much that they would either sto

Re: sniffer/promisc detector

2004-01-19 Thread Alexei Roudnev
> > i wish you were right. i wish you were even close to right. but we've been > attacked many times over the years by some extremely smart adolescent > psychopaths -- where adolescence is a state of mind in this case, rather > than of years -- and i wish very much that they would either stop be

Re: sniffer/promisc detector

2004-01-19 Thread Scott McGrath
That's what I assumed but I asked the question anyhow just to confirm my assumption(s). Scott C. McGrath On Mon, 19 Jan 2004, Gerald wrote: > On Sat, 17 Jan 2004, Scott McGrath wrote: > > > The question here is what are you trying to defend against?. > > If that q

Re: sniffer/promisc detector

2004-01-19 Thread Paul Vixie
let's be careful out there: > Criminal hackers _are_ stupid (like most criminals) for purely economical > reasons: those who are smart can make more money in various legal ways, > like by holding a good job or running their own business. Hacking into > other people's computers does not pay well

Re: sniffer/promisc detector

2004-01-19 Thread Gerald
On Sat, 17 Jan 2004, Scott McGrath wrote: > The question here is what are you trying to defend against?. If that question was directed at me, I am just checking to make sure nothing is new on the packet sniffing / detecting scene that I haven't heard about. It also seemed to me to have been a lo

Re: sniffer/promisc detector

2004-01-19 Thread Gerald
On Sat, 17 Jan 2004, Sam Stickland wrote: > In an all switched network, sniffing can normally only be accomplished with > MAC address spoofing (Man In The Middle). Watching for MAC address changes > (from every machine's perspective), along with scanning for separate machines > with the same ARP

Re: sniffer/promisc detector

2004-01-19 Thread Vadim Antonov
Criminal hackers _are_ stupid (like most criminals) for purely economical reasons: those who are smart can make more money in various legal ways, like by holding a good job or running their own business. Hacking into other people's computers does not pay well (if at all). Those who aren't in th

Re: sniffer/promisc detector

2004-01-18 Thread E.B. Dreger
DJ> Date: Sat, 17 Jan 2004 14:57:19 -0500 DJ> From: Deepak Jain DJ> I know most people don't take the time to hard code their DJ> MACs onto their switch ports, but it really only takes a few DJ> seconds per switch with a little cutting & pasting -- as DJ> customer switches a network port, they j

Re: sniffer/promisc detector

2004-01-17 Thread Alexei Roudnev
- look onto the standard, cage like, mouse - trap with a > > piece of cheese inside. -:) > > > > - Original Message - > > From: "Rubens Kuhl Jr." <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Friday, January 16, 2004 3:18

Re: sniffer/promisc detector

2004-01-17 Thread Valdis . Kletnieks
On Sat, 17 Jan 2004 11:30:13 PST, Donovan Hill said: > Maybe this is just a stupid comment, but if the original poster is that > concerned with their LAN being sniffed, then maybe they should consider using > IPSec on their LAN. Amen to that. It's actually easier to sleep at night if you start of

Re: sniffer/promisc detector

2004-01-17 Thread Deepak Jain
It is also possible to sniff a network using only the RX pair so most of the tools to detect cards in P mode will fail. The new Cisco 6548's have TDR functionality so you could detect unauthorized connections by their physical characteristics. But there are also tools like ettercap which exploit

Re: sniffer/promisc detector

2004-01-17 Thread Donovan Hill
On Saturday 17 January 2004 11:18 am, Scott McGrath wrote: > It is also possible to sniff a network using only the RX pair so most of > the tools to detect cards in P mode will fail. The new Cisco 6548's have > TDR functionality so you could detect unauthorized connections by their > physical cha

Re: sniffer/promisc detector

2004-01-17 Thread Donovan Hill
On Saturday 17 January 2004 11:18 am, Scott McGrath wrote: > It is also possible to sniff a network using only the RX pair so most of > the tools to detect cards in P mode will fail. The new Cisco 6548's have > TDR functionality so you could detect unauthorized connections by their > physical cha

Re: sniffer/promisc detector

2004-01-17 Thread Valdis . Kletnieks
On Sat, 17 Jan 2004 12:55:17 EST, [EMAIL PROTECTED] said: > by the time you think your enemy is less capable than you, you've already lost > the war. On the other hand, does the fact that police usually only catch the stupid crooks mean that police forces are a bad idea? 1) How often is your sit

Re: sniffer/promisc detector

2004-01-17 Thread Scott McGrath
land wrote: > > > - Original Message - > From: "Laurence F. Sheldon, Jr." <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, January 16, 2004 10:49 PM > Subject: Re: sniffer/promisc detector > > > > > > Gerald wrote: > &g

Re: sniffer/promisc detector

2004-01-17 Thread haesu
PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, January 16, 2004 3:18 PM > Subject: Re: sniffer/promisc detector > > > > > > > > That is a battle that was lost at its beginning: the Ethernet 802.1d > > paradigm of "don't know where to se

Re: sniffer/promisc detector

2004-01-17 Thread Sam Stickland
- Original Message - From: "Laurence F. Sheldon, Jr." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, January 16, 2004 10:49 PM Subject: Re: sniffer/promisc detector > > Gerald wrote: > > > > Subject says it all. Someone asked the other

Re: sniffer/promisc detector

2004-01-17 Thread Alexei Roudnev
nside. -:) - Original Message - From: "Rubens Kuhl Jr." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, January 16, 2004 3:18 PM Subject: Re: sniffer/promisc detector > > > That is a battle that was lost at its beginning: the Ethernet 802.1d > paradigm

Re: sniffer/promisc detector

2004-01-16 Thread Chris Brenton
On Fri, 2004-01-16 at 18:00, Gerald wrote: > > I should probably mention that I've already started looking at antisniff. > I was hoping to find something that was currently maintained and still > free while I investigate antisniff's capabilities. Antisniff is still the best software based tool fo

Re: sniffer/promisc detector

2004-01-16 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Laurence F. Sheldon, Jr." writes: > >Gerald wrote: >> >> Subject says it all. Someone asked the other day here for sniffers. Any >> progress or suggestions for programs that detect cards in promisc mode or >> sniffing traffic? > >I can't even imagine how one might

Re: sniffer/promisc detector

2004-01-16 Thread Damian Gerow
Thus spake Gerald ([EMAIL PROTECTED]) [16/01/04 18:32]: > Subject says it all. Someone asked the other day here for sniffers. Any > progress or suggestions for programs that detect cards in promisc mode or > sniffing traffic? There's an art to detecting promiscuous devices.[1] A good starting po

Re: sniffer/promisc detector

2004-01-16 Thread Rubens Kuhl Jr.
ery other switch vendor has its own non-IEEE 802 compliant way of making a switched network more secure. Rubens - Original Message - From: "Gerald" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, January 16, 2004 8:35 PM Subject: sniffer/promisc detector >

RE: sniffer/promisc detector

2004-01-16 Thread Wojtek Zlobicki
at a switchport with only one MAC address cached. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald Sent: Friday, January 16, 2004 5:35 PM To: [EMAIL PROTECTED] Subject: sniffer/promisc detector Subject says it all. Someone asked the other day her

Re: sniffer/promisc detector

2004-01-16 Thread Joel Jaeggli
if you have multiple network interfaces you can ensure that the one doing the snooping is undetectable by the tools that people wrote to detect promiscuous ethernets... joelja On Fri, 16 Jan 2004, Laurence F. Sheldon, Jr. wrote: > > Gerald wrote: > > > > Subject says it all. Someone asked t

Re: sniffer/promisc detector

2004-01-16 Thread Gerald
On Fri, 16 Jan 2004, Gerald wrote: > Subject says it all. Someone asked the other day here for sniffers. Any > progress or suggestions for programs that detect cards in promisc mode or > sniffing traffic? I should probably mention that I've already started looking at antisniff. I was hoping to f

Re: sniffer/promisc detector

2004-01-16 Thread Laurence F. Sheldon, Jr.
Gerald wrote: > > Subject says it all. Someone asked the other day here for sniffers. Any > progress or suggestions for programs that detect cards in promisc mode or > sniffing traffic? I can't even imagine how one might do that. Traditionally the only way to know that you have a mole is to enc

sniffer/promisc detector

2004-01-16 Thread Gerald
Subject says it all. Someone asked the other day here for sniffers. Any progress or suggestions for programs that detect cards in promisc mode or sniffing traffic? Gerald