Bugtraq mailing list archives
Re: stealth port scanning
From: dps () IO STARGATE CO UK (Duncan Simpson)
Date: Mon, 8 Sep 1997 17:32:02 +0100
Actually there is another bug in my patch: it implements the wrong behaviour. See previous bugtraq article from Darren Read. My patch implements the wrong behaviour. Fixing the problem requires protocol violation and all vulnerable machines are actually implementing the IP v4 spec! Roll on IPv6 with proper security built in... and helpful technology like policy routing so that IP address goes in different directions for different people---Linux 2.1.x has both already. NT has neither.

I guess the trick is not having vulnerable services open to the public. One might leave some traps, for example rcmd, fake decode aliases (with EXPN disabled so crackers can not tell it is not a hole, of course). tcpd gives me conditional traps too, so things like telnet can work for me but not for crackers.

Cracking one's own computers is OK but cracking other people's I am less sure about. I am tempted to demonstrate the "security" of NT by using false source routing from whitehouse.gov to forge a message from the president, including the correct injection IP address (a nice feature of NT for crackers).

--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is legal and you can charge extra for fixing the problems."