|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [suse-security] strange ftp-scan
From: Kurt Seifried (listuser
seifried.org)Date: Sun Oct 08 2000 - 16:03:04 CDT
- Next message: Gerhard Sittig: "Re: [suse-security] strange ftp-scan"
- Previous message: Andreas Fiesser: "[suse-security] How FW-Router w/o masquerading ?"
- In reply to: bacano: "Re: [suse-security] strange ftp-scan"
- Next in thread: Gerhard Sittig: "Re: [suse-security] strange ftp-scan"
- Next in thread: Kurt Seifried: "Re: [suse-security] strange ftp-scan"
- Reply: Kurt Seifried: "Re: [suse-security] strange ftp-scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Hi2all
>
> What is amazing is that many times when people dont understand the point
of
> an attack the first reaction is: bah ... it's just a nonsense script
kiddie
> attack.
> Put your self in the skin of a real nasty, well social skilled black hat
> hacker, whats the first thing he want you to know? that he is what he is
or
> that he is just a kid clicking?
>
> > > The other way around is very funny, though. (do as if you have a
> > > vulnerable version and watch the hx0r5 wasting their time...)
>
> Is that your idea of a sandbox? you will see that both of you are just
> wasting time.
Modifying the version number has nothing to do with sandboxing. Sandboxing
is the practice of running the software in a "seperate" space to prevent it
from doing bad things (such as chrooting it so that it cannot read
/etc/passwd as easily).
What it can be good for though is wasting the attackers time and energy. If
the attacker does bother to check the version and see's that it is an old
version (say sendmail 8.8.5) they will then launch a variety of older
attacks against it, which will fail since you're running Sendmail 8.11.1 or
whatever. They will then (hopefully) get bored and leave you alone. I'm 99%
sure a LOT of people use automated scripts/etc just to generate "noise" to
waste admins time, so that the real attacks slip through, I've actually got
an article half done on this topic (and what you can do about it).
> "Stereotyping Can Be Dangerous" (Tangled Web, Chapter 2 - Inside the mind
of
> the cybercriminal)
>
> [ ]'s bacano
Kurt Seifried - seifriedsecurityportal.com
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
- Next message: Gerhard Sittig: "Re: [suse-security] strange ftp-scan"
- Previous message: Andreas Fiesser: "[suse-security] How FW-Router w/o masquerading ?"
- In reply to: bacano: "Re: [suse-security] strange ftp-scan"
- Next in thread: Gerhard Sittig: "Re: [suse-security] strange ftp-scan"
- Next in thread: Kurt Seifried: "Re: [suse-security] strange ftp-scan"
- Reply: Kurt Seifried: "Re: [suse-security] strange ftp-scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]