Any of y'all running packet suckers outside your filters to see
what the kidz are up to? I've been playing with some patches
Hobbit made to tcp_wrappers, which sends telnet escapes to ask for
telnet environment variables, and various other strings to egg
on other clients.

It's a little clunky to configure/use, though. Wondering
if there are other packet sinks/suckers around for research
like this, or if most folks write their own?

I'm really not a programmer, but I'm contemplating trying to
hack LaBrea to do this kind of stuff before it optionally
tries to capture and hold the connection.

Thanks...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]