North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: sniffer/promisc detector

  • From: Valdis.Kletnieks
  • Date: Tue Jan 20 01:54:43 2004

On Mon, 19 Jan 2004 23:26:30 MST, Brett Watson <[email protected]>  said:

> > hacked? (Answer - you will never be hacked, if
> > you use nonstandard port, except if you attracks someone by name, such as
> > _SSH-DAEMOn.Rich-Bank-Of-America.Com_.

> Go grab nessus (www.nessus.org), modify the code a bit, and I guarantee you
> that your ssh daemon running on a non-standard port can still be found,
> identified, and exploited. Trivial.

Alexei's point is that *yes*, things like Nessus *will* find a relocated SSH -
but that if you're getting Nessus scanned, somebody has painted a bullseye
target on YOUR site, not "any site vulnerable to <exploit du jour>".  The
people looking for "any vulnerable site" will just go SSH-scanning on port 22
and be done with it, since it's simply NOT PRODUCTIVE to do an exhaustive test
of each machine. One probe at port 22 will probably go under the radar,
scanning all 65K ports is sure to peeve somebody off....


Attachment: pgp00020.pgp
Description: PGP signature