North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: sniffer/promisc detector
>> i wish you were right. i wish you were even close to right. but we've > been >> attacked many times over the years by some extremely smart adolescent >> psychopaths -- where adolescence is a state of mind in this case, rather >> than of years -- and i wish very much that they would either stop being >> so smart, or stop being so psychotic, or stop being so adolescent. > > Hmm. > > It depends of, what is _attack_. For example, if I have old, unpatched sshd > daemon (which is easy to hack), but > run it at port 30022, how long do I need to expose it on Internet to be > hacked? (Answer - you will never be hacked, if > you use nonstandard port, except if you attracks someone by name, such as > _SSH-DAEMOn.Rich-Bank-Of-America.Com_. Uhm, that would be wrong. This is simply "security through obscurity". Go grab nessus (www.nessus.org), modify the code a bit, and I guarantee you that your ssh daemon running on a non-standard port can still be found, identified, and exploited. Trivial. -b
|