Date: Fri, 21 Jan 2000 22:00:31 -0800 (PST)
From: Matthew Dillon
Message-Id: <200001220600.WAA67669@apollo.backplane.com>
To: Brett Glass
Cc: Dag-Erling Smorgrav, Keith Stevenson, freebsd-security@FreeBSD.ORG
Subject: Re: Some observations on stream.c and streamnt.c
References: <4.2.2.20000120194543.019a8d50@localhost> <20000121162757.A7080@osaka.louisville.edu> <4.2.2.20000121195112.0196a220@localhost> <4.2.2.20000121210443.01981600@localhost>

:> As far as port probing goes: So what? Do you think preventing people
:> from identifying your machine will make it more secure?
:
:No, but it'll make it harder to figure out which 'sploits to try. It's the
:difference between leaving the door visibly wide open and forcing the cracker
:to TRY the door. If I can waste a cracker's time, I want to.
:...
:--Brett

No. It. Won't.

I don't think you quite understand how IRC weenies and script kiddies
work. They don't know or care what kind of machine is on the other end
of the network. They simply run their entire suite of tools until they
find one that works. Being able to identify the machine is a cute
exercise but it doesn't make it any less vulnerable.

The script kiddies have all the time in the world, they simply run *ALL*
the exploits. They often don't know what kind of machine they are logged
into even though they have a shell prompt sitting there that they can
type 'uname' on. It's kinda amusing to watch, actually.
I wish I had saved all the terminal monitoring sessions :-(.

These people don't know anything. They aren't programmers, they aren't
scripters, they aren't even *smart*! They are idiots with a toolbox of
programs with big red letters that say "go". One time Dima and I sat
down and watched one of these bozos try to run a suite of SGI exploits
on a FreeBSD shell box. He was so stupid he didn't even know he was
sitting in a FreeBSD shell session! He spent over an hour trying to
break into the box with SGI exploits before giving up.

We recorded hundreds of hours of terminal sessions of hackers trying to
break into our machines. Hundreds of hackers, and of all of them I think
there might have been one or two that actually knew what they were doing
(and those two still couldn't break root).

-Matt
Matthew Dillon