(no subject)

Dagmar d'Surreal dagmar.wants at nospam.com
Wed Mar 10 05:54:47 PST 2004


On Sun, 2004-03-07 at 13:45, Kendrick wrote:
> Dagmar d'Surreal wrote:
> 
> > will often be better served by
> >looking into the banners option it has.  A simple text file containing
> >"SSH-1.5-OpenSSH_2.3" can work wonders for screwing with people trying
> >to scan for vulnerabilities. 
> >
> eh?  im a little cerous about what is ment  here

Tcpwrappers will normally just drop a connection that's been made from
an unauthorized host.  The banners option will make it send a short file
(usu. text) to the socket before closing it.  You can use this to send
simple messages that look like a daemon telling you to go away, or to
just make it look like there's a server there answering (to the naked
eye, so to speak) and then dropping the socket.  If you put something in
that will make a tool like nessus holler about it, you can generally
discern the difference between a casual portscan and someone who
definitely wanted in by looking at how many times they fondled that port
compared to the rest.
-- 
The email address above is phony because my penis is already large enough, kthx. 
              AIM: evilDagmar  Jabber: evilDagmar at jabber.org




More information about the hlfs-dev mailing list