[prev in list] [next in list] [prev in thread] [next in thread] 

List:       incidents
Subject:    Re: Any security incidents?
From:       "Campi, Nathan P." <jak0npc () JAK10 ! MED ! NAVY ! MIL>
Date:       1999-07-09 19:30:23
[Download RAW message or body]

I just want people to know about Marcus Ranum's "Back Officer Friendly."
I use it to detect netbus and Back Orifice scans at home when dialed up
to the net. It can send fake replies, interpret the actions the remote
user is attempting and also listen on other common ports.
Get it at www.nfr.net/bof/
Run it on your home machine and you'll be amazed at just how often you
are scanned... I sure was.

> Seeing pretty frequent netbus scans per month on my home PC i wrote a
> quick NetBus-emulator, and i'm waiting for people to get in now. It
> features only some of the functions that require server's reply (i.e.
> seeing the list of windows, opposed to openning the CD which requires no
> response). I've set up a fake filesystem to see what they'll
> download/upload/remove, but for security purposes the file resulting of
> any download is a quick reminder of appropriate polish law (you're
> risking up to five years in prison if you affect a data processing
> system's operation intending to do harm or make profit). There's also a
> "fakebo" package available, which emulates NetBus, BO and some more -
> see freshmeat.

BTW, it runs on win32 and UNIX.
--


  Nate Campi
  npcampi at jak10.med.navy.mil
  check out my infosec tutorials & howto page at:
  http://www.geocities.com/Heartland/Plains/4805/links.html

[prev in list] [next in list] [prev in thread] [next in thread]