Date:      Fri, 21 Jan 2000 22:00:31 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Brett Glass <brett@lariat.org>
Cc:        Dag-Erling Smorgrav <des@flood.ping.uio.no>, Keith Stevenson <k.stevenson@louisville.edu>, freebsd-security@FreeBSD.ORG
Subject:   Re: Some observations on stream.c and streamnt.c
Message-ID:  <200001220600.WAA67669@apollo.backplane.com>
References:  <4.2.2.20000120194543.019a8d50@localhost> <Pine.BSF.4.10.10001211419010.3943-100000@tetron02.tetronsoftware.com> <20000121162757.A7080@osaka.louisville.edu> <xzpk8l2lul4.fsf@flood.ping.uio.no> <4.2.2.20000121195112.0196a220@localhost> <4.2.2.20000121210443.01981600@localhost>

:>    As far as port probing goes:  So what?  Do you think preventing people
:>     from identifying your machine will make it more secure?  
:
:No, but it'll make it harder to figure out which 'sploits to try. It's the
:difference between leaving the door visibly wide open and forcing the cracker 
:to TRY the door. If I can waste a cracker's time, I want to.
:...
:--Brett

    No.
    It.
    Won't.

    I don't think you quite understand how IRC weenies and script kiddies
    work.  They don't know or care what kind of machine is on the other
    end of the network.  They simply run their entire suite of tools until
    they find one that works.

    Being able to identify the machine is a cute exercise but it doesn't
    make it any less vulnerable.  The script kiddies have all the time in
    the world, they simply run *ALL* the exploits.  They often don't know
    what kind of machine they are logged into even though they have a shell
    prompt sitting there that they can type 'uname' on.

    It's kinda amusing to watch, actually.  I wish I had saved all the 
    terminal monitoring sessions :-(.  These people don't know anything.
    They aren't programmers, they aren't scripters, they aren't even *smart*!
    They are idiots with a toolbox of programs with big red letters that
    say "go".  One time Dima and I sat down and watched one of these
    bozos try to run a suite of SGI exploits on a FreeBSD shell box.  He
    was so stupid he didn't even know he was sitting in a FreeBSD shell
    session!  He spent over an hour trying to break into the box with SGI
    exploits before giving up.

    We recorded hundreds of hours of terminal sessions of hackers trying
    to break into our machines.  Hundreds of hackers, and of all of them
    I think there might have been one or two that actually knew what they
    were doing (and those two still couldn't break root).

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

