[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Summary and possible solution for merging protocols
From:       FERDINAND GASSAUER <f.gassauer () aon ! at>
Date:       1999-12-04 11:57:30
[Download RAW message or body]

Roberto, which program  do you use to trigger the alarm ?
cu 
ferdinand

Am Fre, 03 Dez 1999 schrieb Roberto Alsina:
> On Fri, 3 Dec 1999, Lars Kneschke wrote:
> 
> > Nicolas Brodu wrote:
> > > Can scan the ports of target host to found supported protocols, and then call
> > > the corresponding ioslaves. Conflicts can be handled by prefix depending
> > > on the protocol (see knetmon/netknife) and/or setting up a user prefered
> > > order.
> > Maybe you can also capture the network-traffic. So you know which hosts
> > are active and wich services they offer. This could be a solution for a
> > big network, because there will be enough traffic to analyze and it
> > creates no traffic. For a little network it is maybe better to scan the
> > network.
> 
> a) If you scan one of my servers to see which ports are open, you will
> trigger an alarm, and probably will get put in hosts.deny very quickly.
> 
> b) If you set yourself in promiscuous mode (which you need to capture the
> network traffic not addressed to you) you 
> 
> 	b.1) Need to be root
> 	b.2) Will trigger another alarm
> 
> Both things are usually considered as "unusual" activities, indicative of 
> attempts at cracking.
> 
> I'd really hate it if they were suddenly performed routinely for normal
> tasks, since it would make detection of real cracking attempts a whole lot
> harder.
> 
>  ("\''/").__..-''"`-. .         Roberto Alsina
>  `9_ 9  )   `-. (    ).`-._.`)  ralsina@unl.edu.ar
>  (_Y_.)' ._   ) `._`.  " -.-'   Centro de Telematica
>   _..`-'_..-_/ /-'_.'           Universidad Nacional del Litoral
> (l)-'' ((i).' ((!.'             Santa Fe - Argentina
>                                 KDE Developer (MFCH)
> Not mad, but bound more than a madman is (Romeo and Juliet, Act I Scene II)

[prev in list] [next in list] [prev in thread] [next in thread]