From owner-freebsd-security  Fri Aug 31 21: 8:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from topperwein.dyndns.org (acs-24-154-28-172.zoominternet.net [24.154.28.172])
	by hub.freebsd.org (Postfix) with ESMTP id 766A737B405
	for <security@freebsd.org>; Fri, 31 Aug 2001 21:08:12 -0700 (PDT)
Received: from topperwein.dyndns.org (topperwein.dyndns.org [192.168.168.10])
	by topperwein.dyndns.org (8.11.6/8.11.6) with ESMTP id f8148EP01614
	for <security@freebsd.org>; Sat, 1 Sep 2001 00:08:14 -0400 (EDT)
	(envelope-from behanna@zbzoom.net)
Date: Sat, 1 Sep 2001 00:08:09 -0400 (EDT)
From: Chris BeHanna <behanna@zbzoom.net>
Reply-To: Chris BeHanna <behanna@zbzoom.net>
To: <security@freebsd.org>
Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
In-Reply-To: <F229QdSe9g4pXX50yki00001102@hotmail.com>
Message-ID: <Pine.BSF.4.32.0109010005260.1512-100000@topperwein.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, 31 Aug 2001, Not Going to Tell You wrote:

> First, I stated that the only port that would be open would be the port 80
> http. And it is assumed that I would have already had a tight box with
> strict rules. But even tight boxes still show which ports are opened.
>
> As for guessing the key sequence..I doubt it, if the program was able to
> tell if port scanning was taking place. And do not for get the timer.
>
> As for sniffing, well 99.9% of all the hackers that I have seen come from
> the Internet where would they put the sniffer?

    If your machine is attached to a cable modem, then there are 253
other hosts in your neighborhood who can very easily sniff your traffic.

    If you're trying to open ports remotely, then your key traffic is
going over the internet.  Do a traceroute between the host you're
using and the host you're trying to manage, and ponder someone
sniffing along any of those hops.

    Although this is unlikely for the casual user, it becomes more
likely if the remote host is a corporate-owned machine in a highly
competitive area of industry.

-- 
Chris BeHanna
Software Engineer                   (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message