[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Summary and possible solution for merging protocols
From:       Roberto Alsina <ralsina () unl ! edu ! ar>
Date:       1999-12-03 8:21:08
[Download RAW message or body]

On Fri, 3 Dec 1999, Lars Kneschke wrote:

> Nicolas Brodu wrote:
> > Can scan the ports of target host to found supported protocols, and then call
> > the corresponding ioslaves. Conflicts can be handled by prefix depending
> > on the protocol (see knetmon/netknife) and/or setting up a user prefered
> > order.
> Maybe you can also capture the network-traffic. So you know which hosts
> are active and wich services they offer. This could be a solution for a
> big network, because there will be enough traffic to analyze and it
> creates no traffic. For a little network it is maybe better to scan the
> network.

a) If you scan one of my servers to see which ports are open, you will
trigger an alarm, and probably will get put in hosts.deny very quickly.

b) If you set yourself in promiscuous mode (which you need to capture the
network traffic not addressed to you) you 

	b.1) Need to be root
	b.2) Will trigger another alarm

Both things are usually considered as "unusual" activities, indicative of 
attempts at cracking.

I'd really hate it if they were suddenly performed routinely for normal
tasks, since it would make detection of real cracking attempts a whole lot
harder.

 ("\''/").__..-''"`-. .         Roberto Alsina
 `9_ 9  )   `-. (    ).`-._.`)  ralsina@unl.edu.ar
 (_Y_.)' ._   ) `._`.  " -.-'   Centro de Telematica
  _..`-'_..-_/ /-'_.'           Universidad Nacional del Litoral
(l)-'' ((i).' ((!.'             Santa Fe - Argentina
                                KDE Developer (MFCH)
Not mad, but bound more than a madman is (Romeo and Juliet, Act I Scene II)

[prev in list] [next in list] [prev in thread] [next in thread]