|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical calling attention to servers
Its a honeypot Chris.... if the goal is to deny intel, don't spraypaint it a neon green. Camo is much nicer... if that is the tactic you wish to take. > > attack away... it's a bit harder to figure out what it is... and bind's > not exploitable (at least not yet...) so as long as all other things are > 'ok' I'm just denying intel to the 'enemy'... besides, tcp queries are > verboten anyway :) > > --Chris > > > On Tue, 30 Jan 2001 [email protected] wrote: > > > lets see... (from previous discussions on the usefullness of tweeking > > the version) > > > > wearing my blackhat, i have to decide which system is worthty > > of my talents... which one should I pick? > > > > version "bad-ass-bind"; > > -or- > > version "9.1.0" > > > > of course I could be running 4.8.1 and simply recompile so it _reports_ > > a bogus version but the profile of a 9.1.0 code base is -very- distinct > > from a 4.8.1 code base... esp on replies to queries. > > > > Pick your targets carefully. > > > > > > > > > Why not jus return some 'bogus' version ??? like this option allows: > > > > > > version "bad-ass-bind"; > > > > > > :) > > > > > > > > --Chris > > > > > > > > ####################################################### > > > > ## UUNET Technologies, Inc. ## > > > > ## Manager ## > > > > ## Customer Router Security Engineering Team ## > > > > ## (W)703-289-8479 (C)703-283-3734 ## > > > > ####################################################### > > > >
|