North American Network Operators Group
Re: sniffer/promisc detector
* email@example.com (Dave Israel) [Tue 20 Jan 2004, 18:48 CET]:
> On 1/20/2004 at 09:18:07 -0800, Alexei Roudnev said:
[..]
>> - unpatched sshd on port 30013 - safety is 7 (higher) because no
>> automated script can find it, and no manual scan finds it in reality
> Actually, an automated script or manual scan can find it trivially.
> All you have to do is a quick port scan, looking for this:
[..]

Indeed. And Alexei's point is that no one is looking for that.

> one across the enterprise, so it is only really obscure once. Moving
> port numbers only protects you against idle vandalism; it is useless
> against people who truly wish you harm.

Alexei's point was also that you need additional measures against those
people.

> You really need a firewall, particularly one that can detect a port
> scan and shut off the scanner, for changing ports to have any real
> security. It is kind of like a 4-digit PIN being useless for a bank
> card without the 3-try limit.

Unless you like really, really sore fingers, and don't think a long line of
people waiting behind you at the ATM will attract any attention from the
bank employees.

-- Niels.
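The "firewall that can detect a port scan and shut off the scanner" Dave describes, with the "3-try limit" turned into a threshold on distinct destination ports, as an added example that is not part of the thread and not anyone's actual firewall. It assumes iptables-style kernel LOG lines (the sample lines below are constructed, with RFC 5737 documentation addresses and a made-up year for the syslog timestamps), a hypothetical threshold of 3 ports and a 60-second window. It also shows the failure mode a practitioner should expect: the slow scanner that spaces its probes 20 minutes apart never trips the window, which is the moving-ports-plus-firewall combination's blind spot.

```python
"""Minimal port-scan detector over firewall log lines (added example,
not from the NANOG post).  A source that touches more than THRESHOLD
distinct destination ports inside WINDOW seconds is "shut off": every
later packet from it is counted as dropped instead of inspected.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed iptables-style LOG lines; not real traffic, not from the post.
# 198.51.100.20 is a legitimate client hitting the moved sshd on 30013 twice,
# 203.0.113.7 is a fast scanner, 192.0.2.9 is a slow scanner (20 min apart).
SAMPLE_LOG = """\
Jan 20 18:48:01 fw kernel: IN=eth0 SRC=198.51.100.20 DST=198.51.100.5 PROTO=TCP DPT=30013 SYN
Jan 20 18:48:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP DPT=22 SYN
Jan 20 18:48:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP DPT=80 SYN
Jan 20 18:48:03 fw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP DPT=443 SYN
Jan 20 18:48:03 fw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP DPT=30013 SYN
Jan 20 18:48:04 fw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP DPT=30014 SYN
Jan 20 18:48:10 fw kernel: IN=eth0 SRC=198.51.100.20 DST=198.51.100.5 PROTO=TCP DPT=30013 SYN
Jan 20 18:50:00 fw kernel: IN=eth0 SRC=192.0.2.9 DST=198.51.100.5 PROTO=TCP DPT=21 SYN
Jan 20 19:10:00 fw kernel: IN=eth0 SRC=192.0.2.9 DST=198.51.100.5 PROTO=TCP DPT=25 SYN
Jan 20 19:30:00 fw kernel: IN=eth0 SRC=192.0.2.9 DST=198.51.100.5 PROTO=TCP DPT=110 SYN
Jan 20 19:50:00 fw kernel: IN=eth0 SRC=192.0.2.9 DST=198.51.100.5 PROTO=TCP DPT=30013 SYN
"""

# syslog timestamp, then the SRC= and DPT= fields of an iptables LOG line
LOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<time>\d\d:\d\d:\d\d)\s+\S+\s+kernel:"
    r".*?\bSRC=(?P<src>[\d.]+).*?\bDPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2004):
    """Return (timestamp, source_ip, dest_port) or None for non-matching lines.
    syslog omits the year, so one is assumed (2004 here, to match the thread)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])


def detect_scans(lines, threshold=3, window=60):
    """Sliding-window scan detector.  Returns {src: {"at", "ports", "dropped"}}
    for every source that exceeded `threshold` distinct ports within `window`
    seconds; `dropped` counts packets discarded after the block decision."""
    recent = defaultdict(deque)   # src -> deque of (ts, port) inside the window
    blocked = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, port = parsed
        if src in blocked:
            blocked[src]["dropped"] += 1      # a real firewall would DROP here
            continue
        q = recent[src]
        q.append((ts, port))
        while (ts - q[0][0]).total_seconds() > window:   # expire old probes
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) > threshold:            # the "3-try limit"
            blocked[src] = {"at": ts, "ports": sorted(ports), "dropped": 0}
    return blocked


if __name__ == "__main__":
    for src, info in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: blocked at {info['at']:%H:%M:%S} after probing "
              f"{info['ports']}, {info['dropped']} later packet(s) dropped")
```

Run stand-alone it reports only 203.0.113.7, blocked on its fourth distinct port (the probe of the moved sshd on 30013 is among them, which is the point of the thread: the scanner does find it). The legitimate client is never counted because it keeps hitting one port, and 192.0.2.9 is invisible at a 60-second window; widening the window to an hour catches it, at the cost of holding more state per source.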