North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: sniffer/promisc detector
Criminal hackers _are_ stupid (like most criminals) for purely economical reasons: those who are smart can make more money in various legal ways, like by holding a good job or running their own business. Hacking into other people's computers does not pay well (if at all). Those who aren't in that for money are either psychopaths or adolescents, pure and simple. Neither of those are smart. The real smart ones - professionals - won't attack unless there's a chance of a serious payback. This excludes most businesses, and makes anything but a well-known script-based attack a very remote possibility. Honeypots are indeed a good technique to catch those attacks, and may be quite adequate for the probable threat model for most people. Of course, if you're doing security for a bank, or a nuclear plant, then you may want to adjust your expectations of adversary's motivation and capabilities and upgrade your defenses accordingly. But, then, bribing an insider or some other form of social engineering is going to be more likely than any direct network-based attack. For most other people a trivial packet-filtering firewall, lack of Windoze, and a switch instead of a hub will do just fine. --vadim On Sat, 17 Jan 2004 firstname.lastname@example.org wrote: > > I think I'll pass this onto zen of Rob T. :) > > i think he said something along the lines of "security industry is here for my > amusement" in the last nanog. > > so yea.. let's install bunch of honeypots and hope all those "stupid" "hackers" > will get caught like the mouse. > > by the time you think your enemy is less capable than you, you've already lost > the war. > > -J > > On Sat, Jan 17, 2004 at 02:31:06AM -0800, Alexei Roudnev wrote: > > > > The best anty-sniffer is HoneyPot (it is a method, not a tool). Create so > > many false information (and track it's usage) that hackers will be catched > > before they do something really wrong.