Firewall Wizards mailing list archives
Re: BO, netbus and so on...
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 04 May 1999 15:07:10 -0400
Rob writes:
port 53, and 15% goes to other ports. This other 20% is being missed by >firewalls and Back Officer Friendly type products.
Yeah, it's easy to miss that stuff with a simple tool. To catch it more reliably you need to perform traffic analysis on the session. We can do that kind of stuff with an NFR engine but that's waaay overkill for a desktop. BackOfficer Friendly is not intended to detect everything, and only will catch the "standard scans" when they hit your machine. Still, I find that useful since most of the wide-range scanning is looking for folks who are running BO on default ports. One of the objectives of BOF was to get people to realize that they _are_ being scanned when they are dialed/cabled into public networks. Raising the level of awareness is a good thing, IMHO. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Re: BO, netbus and so on... S. Jonah Pressman (May 03)
- <Possible follow-ups>
- Re: BO, netbus and so on... Robert Graham (May 04)
- Re: BO, netbus and so on... Marcus J. Ranum (May 05)