Date: Fri, 21 Jan 2000 22:00:31 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Brett Glass <brett@lariat.org> Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>, Keith Stevenson <k.stevenson@louisville.edu>, freebsd-security@FreeBSD.ORG Subject: Re: Some observations on stream.c and streamnt.c Message-ID: <200001220600.WAA67669@apollo.backplane.com> References: <4.2.2.20000120194543.019a8d50@localhost> <Pine.BSF.4.10.10001211419010.3943-100000@tetron02.tetronsoftware.com> <20000121162757.A7080@osaka.louisville.edu> <xzpk8l2lul4.fsf@flood.ping.uio.no> <4.2.2.20000121195112.0196a220@localhost> <4.2.2.20000121210443.01981600@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
:> As far as port probing goes: So what? Do you think preventing people
:> from identifying your machine will make it more secure?
:
:No, but it'll make it harder to figure out which 'sploits to try. It's the
:difference between leaving the door visibly wide open and forcing the cracker
:to TRY the door. If I can waste a cracker's time, I want to.
:...
:--Brett
No.
It.
Won't.
I don't think you quite understand how IRC weenies and script kiddies
work. They don't know or care what kind of machine is on the other
end of the network. They simply run their entire suite of tools until
they find one that works.
Being able to identify the machine is a cute exercise but it doesn't
make it any less vulnerable. The script kiddies have all the time in
the world, they simply run *ALL* the exploits. They often don't know
what kind of machine they are logged into even though they have a shell
prompt sitting there that they can type 'uname' on.
It's kinda amusing to watch, actually. I wish I had saved all the
terminal monitoring sessions :-(. These people don't know anything.
They aren't programmers, they aren't scripters, they aren't even *smart*!
They are idiots with a toolbox of programs with big red letters that
say "go". One time Dima and I sat down and watched one of these
bozos try to run a suite of SGI exploits on a FreeBSD shell box. He
was so stupid he didn't even know he was sitting in a FreeBSD shell
session! He spent over an hour trying to break into the box with SGI
exploits before giving up.
We recorded hundreds of hours of terminal sessions of hackers trying
to break into our machines. Hundreds of hackers, and of all of them
I think there might have been one or two that actually knew what they
were doing (and those two still couldn't break root).
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001220600.WAA67669>