Date: Wed, 12 Aug 1998 17:12:53 +0200
From: Marius Bendiksen <Marius.Bendiksen@scancall.no>
To: bmah@CA.Sandia.GOV
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: UDP port 31337
Message-ID: <3.0.5.32.19980812171253.00964bc0@mail.scancall.no>
In-Reply-To: <199808121458.HAA17389@stennis.ca.sandia.gov>
References: <Your message of "Wed, 12 Aug 1998 23:12:22 +1200." <Pine.BSF.3.96.980812225354.21008E-100000@aniwa.sky>

>I haven't seen the words "Internet" and "centralised" (for me that would be
>"centralized") in the same sentence for awhile. :-)

How come that doesn't surprise me? ;)

>I don't think you were suggesting this, but this story points out the need to
>be careful with completely automated attack reporting systems.

Yeah... :) We wouldn't want that. But, as you pointed out, I didn't suggest this. What I suggested was simulating the presence of exploitable features in the system, and logging attempts to use such exploits. For starters, a daemon to emulate the presence of Back Orifice, which would have configurable attack-report levels and responses.

If someone is trying to do the BO equivalent of rm -rf / on your system, they're attacking. I will *not* be convinced that they actually tried such a thing as _that_ to get a free PGP cracker ;)

I can, of course, see the problems associated with setting up something which is too sensitive, as a port 23 connection detector of course would be.

---
Marius Bendiksen, IT-Trainee, ScanCall AS

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
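The decoy-with-report-levels idea from the message above, as an added example that is not part of the original e-mail or any FreeBSD code. It is a passive UDP listener that never replies and does not implement the Back Orifice protocol; the class name, level names, thresholds and window are assumptions chosen for illustration.

```python
import socket
import time
from collections import defaultdict, deque

# Hypothetical report levels: (datagrams from one source within the window, action).
# A low first threshold is the "too sensitive" end of the scale.
DEFAULT_LEVELS = [(1, "log"), (3, "notify"), (10, "alert")]

class DecoyReporter:
    """Grades traffic to a decoy port per source address over a sliding window."""

    def __init__(self, levels=DEFAULT_LEVELS, window=60.0):
        self.levels = sorted(levels)
        self.window = window
        self.seen = defaultdict(deque)  # source IP -> timestamps inside the window

    def record(self, src_ip, now):
        """Record one datagram; return the highest action reached, or None."""
        stamps = self.seen[src_ip]
        stamps.append(now)
        while stamps and now - stamps[0] > self.window:
            stamps.popleft()  # forget datagrams older than the window
        action = None
        for threshold, name in self.levels:
            if len(stamps) >= threshold:
                action = name
        return action

def replay(events, **config):
    """Run (timestamp, source_ip) pairs through a fresh reporter, for tuning."""
    reporter = DecoyReporter(**config)
    return [reporter.record(ip, ts) for ts, ip in events]

def serve(port=31337, host="0.0.0.0", reporter=None):
    """Bind the decoy port and print one graded line per datagram; never answers."""
    reporter = reporter or DecoyReporter()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (ip, sport) = sock.recvfrom(2048)
            action = reporter.record(ip, time.monotonic())
            stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
            print(f"{stamp} action={action} src={ip}:{sport} len={len(data)}")

if __name__ == "__main__":
    serve()
```

UDP source addresses can be forged, so the actions here are suited to logging and human review rather than automatic blocking or reporting.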