nanog mailing list archives
Re: sniffer/promisc detector
From: Niels Bakker <niels=nanog () bakker net>
Date: Wed, 21 Jan 2004 00:57:35 +0100
* davei () algx net (Dave Israel) [Tue 20 Jan 2004, 18:48 CET]:
On 1/20/2004 at 09:18:07 -0800, Alexei Roudnev said:
[..]
- unpatched sshd on port 30013 - safety is 7 (higher) because no one automated script can find it, and no one manual scan find it in realityActually, an automated script or manual scan can find it trivially. All you have to do is a quick port scan, looking for this:
[..] Indeed. And Alexei's point is that noone is looking for that.
one across the enterprise, so it is only really obscure once. Moving port numbers only protects you against idle vandalism; it is useless against people who truly wish you harm.
Alexei's point also was that you need additional measures against those people.
You really need a firewall, particularly one that can detect a port scan and shut off the scanner, for changing ports to have any real security. It is kind of like a 4-digit PIN being useless for a bank card without the 3-try limit.
Unless you like really, really sore fingers, and don't think a long line of people waiting behind you at the ATM will attract any attention from the bank employees. -- Niels.
Current thread:
- Re: sniffer/promisc detector, (continued)
- Re: sniffer/promisc detector haesu (Jan 17)
- Re: sniffer/promisc detector Valdis . Kletnieks (Jan 17)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 17)
- Re: sniffer/promisc detector Vadim Antonov (Jan 19)
- Re: sniffer/promisc detector Paul Vixie (Jan 19)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 19)
- Re: sniffer/promisc detector Brett Watson (Jan 19)
- Re: sniffer/promisc detector Valdis . Kletnieks (Jan 19)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 20)
- Re: sniffer/promisc detector Dave Israel (Jan 20)
- Re: sniffer/promisc detector Niels Bakker (Jan 20)
- Re: sniffer/promisc detector Alexei Roudnev (Jan 21)
- Re: sniffer/promisc detector Steven M. Bellovin (Jan 20)
- Re: sniffer/promisc detector haesu (Jan 20)
- RE: sniffer/promisc detector Henry Linneweh (Jan 20)
- Re: sniffer/promisc detector Ruben van der Leij (Jan 21)
- Re: sniffer/promisc detector Valdis . Kletnieks (Jan 21)
- Re: sniffer/promisc detector Ruben van der Leij (Jan 21)