nanog mailing list archives
Re: sniffer/promisc detector
From: Valdis.Kletnieks () vt edu
Date: Sat, 17 Jan 2004 14:22:31 -0500
On Sat, 17 Jan 2004 12:55:17 EST, haesu () towardex com said:
by the time you think your enemy is less capable than you, you've already lost the war.
On the other hand, does the fact that police usually only catch the stupid crooks mean that police forces are a bad idea?

1) How often is your site graced by the presence of a script kiddie who *would* fall for a honeypot, but who has enough exploits stashed to be a serious threat? (Remember, it only takes 1 unpatched 1U back there in row 17, rack 4, for him to get a foothold).

2) How often is your site visited by a talented Black Hat who's more capable than you, and who wouldn't be tricked by a honeypot?

3) How do you even know your answer to (2) is correct? Think long and hard about this one - when was the last time you took *everything* down and booted from known good media and checked for rootkits? And how do you know it was good media? (Go and re-read Ken Thompson's "On Trusting Trust" and Karger and Schell's paper on a Multics pen-test, and then take another REALLY close look at that boot CD.)

I tend toward paranoia. However, I once received a box claiming to be from IBM Software Distribution, with the format of shipping labels that IBM SD had, and even sealed with IBM anti-tamper Q-tape the same way IBM SD does. There was a birthday card in it. Addressed to me. From a friend who wasn't an IBM employee at the time. I was most impressed. ;)