Mailinglist Archive: opensuse-security (471 mails)
Re: [suse-security] strange ftp-scan
- From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
- Date: Sun, 8 Oct 2000 15:03:04 -0600
- Message-id: <008b01c0316b$274d1a40$6900030a@xxxxxxxxxxxx>
> Hi2all
>
> What is amazing is that many times when people don't understand the point of
> an attack the first reaction is: bah ... it's just a nonsense script kiddie
> attack.
> Put yourself in the skin of a real nasty, well social skilled black hat
> hacker, what's the first thing he wants you to know? that he is what he is or
> that he is just a kid clicking?
>
> > > The other way around is very funny, though. (do as if you have a
> > > vulnerable version and watch the h@x0r5 wasting their time...)
>
> Is that your idea of a sandbox? you will see that both of you are just
> wasting time.
Modifying the version number has nothing to do with sandboxing. Sandboxing
is the practice of running the software in a "separate" space to prevent it
from doing bad things (such as chrooting it so that it cannot read
/etc/passwd as easily).
What it can be good for though is wasting the attacker's time and energy. If
the attacker does bother to check the version and sees that it is an old
version (say sendmail 8.8.5) they will then launch a variety of older
attacks against it, which will fail since you're running Sendmail 8.11.1 or
whatever. They will then (hopefully) get bored and leave you alone. I'm 99%
sure a LOT of people use automated scripts/etc just to generate "noise" to
waste admins' time, so that the real attacks slip through. I've actually got
an article half done on this topic (and what you can do about it).
> "Stereotyping Can Be Dangerous" (Tangled Web, Chapter 2 - Inside the mind of
> the cybercriminal)
>
> [ ]'s bacano
Kurt Seifried - seifried@xxxxxxxxxxxxxxxxxx
SecurityPortal, your focal point for security on the net
http://www.securityportal.com/