dagmar.wants at nospam.com
Wed Mar 10 05:54:47 PST 2004
On Sun, 2004-03-07 at 13:45, Kendrick wrote:
> Dagmar d'Surreal wrote:
> > will often be better served by
> >looking into the banners option it has. A simple text file containing
> >"SSH-1.5-OpenSSH_2.3" can work wonders for screwing with people trying
> >to scan for vulnerabilities.
> eh? im a little cerous about what is ment here
Tcpwrappers will normally just drop a connection that's been made from
an unauthorized host. The banners option will make it send a short file
(usu. text) to the socket before closing it. You can use this to send
simple messages that look like a daemon telling you to go away, or to
just make it look like there's a server there answering (to the naked
eye, so to speak) and then dropping the socket. If you put something in
that will make a tool like nessus holler about it, you can generally
discern the difference between a casual portscan and someone who
definitely wanted in by looking at how many times they fondled that port
compared to the rest.
The email address above is phony because my penis is already large enough, kthx.
AIM: evilDagmar Jabber: evilDagmar at jabber.org
More information about the hlfs-dev