North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: sniffer/promisc detector
+++ [email protected] [21/01/04 10:52 +0000]: > >> > Uhm, that would be wrong. This is simply "security through > >> > obscurity". > >> Yes, it is wrong for the _smart books_. But it works in real life. > >Actually, an automated script or manual scan can find it trivially. > If security through obscurity was useless then the USAF > would never have developed the stealth bomber. TINS (There is no Stealth) Stealth only works because of the limited number of frequencies used by military radar. Somebody using a (very) different frequency or a broadband radar would see your F117A just fine. The same applies for digging yourself into the sand. That works fine in a sandy desert, but is no practical methode for hiding yourself on a rocky desert or in the snow. The message is: stealth might work in a limited number of situations. Trusting on stealth will make you look silly in the end. You hiding in a clearly visible pile of snow with footsteps leading to it. Or running an outdated (and exploitable) sshd on port 2222. Like said before: a scripted attack would trivially find your superstealth ssh-port. Connect to $port, wait for 'SSH-1.99*' or a timeout, and repeat for $port++. > If you can use obscurity and camouflage to divert a percentage of the > attacks against you Somebody who isn't smart enough to do 'nmap -p 0-65535 $target' isn't worth diverting. The 'security' gained with that is negliable. 'Camouflage' on the big bad internet is mainly a game of fooling yourself into feeling secure. The newest feature in H4x0rSh13ld Pr0 2003 SE, for the masses. I wouldn't waste time on matters to trivial to have any measurable effect. But. Just opinions. Mine, that is. -- Ruben van der Leij
|