Subject: Re: [suse-security] strange ftp-scan
From: Stefan Suurmeijer (stefansymbolica.nl)
Date: Sat Oct 07 2000 - 21:00:20 CDT


On Sun, 8 Oct 2000, Roman Drahtmueller wrote:

> >
> > That is so utterly stupid. Most script kiddie attacks I have seen don't even
> > bother to be subtle at all, they just use the shotgun approach, taking an
> > exploit and pointing it at machines until they get in. Hiding version info
> > is pretty damn useless.
> > Kurt Seifried - seifriedsecurityportal.com
>

Wow, ease off the trigger please. I guess that's what I get for not
formulating clearly. What I meant to say was since the "attack" in
question lasted over more than a day, maybe some script kiddie had
detected a vulnerable ftp daemon and was trying to break in, and that he
might have gotten that information by simply connecting or scanning unless
the server information was suppressed, in which case I don't think most
script kiddies would know with which ftp daemon they were dealing. I never
meant to say that suppressing server information would safeguard you or
even be useful. I agree with you that most script kiddies just randomly
attack, but when someone repeatedly tries to get in over a period of time,
then they might be looking for something specific.
Switch to decaf please ;-)
 
> I agree. Security by obscurity doesn't help - on the contrary: It shows
> the attacker the level of experience to some degree. You should easily be
> able to recognize an MTA just by its reaction to some teasing and bugging.
>

You are right. Although I don't think most script kiddies are
knowledgeable enough to do that.

> The other way around is very funny, though. (do as if you have a
> vulnerable version and watch the hx0r5 wasting their time...)
>

*grin* I think I'll try that sometime.

> Roman.
> --

Stefan
