RE: [ANNOUNCE] protocol watcher

From: Jerry Shenk (jshenkat_private)
Date: Thu May 22 2003 - 12:10:24 PDT

Next message: Luciano Z: "cisco 7200 performance issue"

Previous message: Valdis.Kletnieksat_private: "Re: Scans from proxyprotector.com"
In reply to: Justin Pryzby: "[ANNOUNCE] protocol watcher"
Next in thread: Justin Pryzby: "Re: [ANNOUNCE] protocol watcher"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

That does sound like a pretty decent idea.  I know when I pen-test a Raptor
firewall, it reports so many ports as being open that it's a bit of a
nuisance to sort through what's really open and what's not.  From the
security side, this gives the 'victim' plenty of time to track this incoming
junk while the attacker's fumbling around trying to figure out what's real
and what isn't.

One major issue I see...How vulnerable to attack do you think that will be?
If that method of defense were detected, an attacker chew up a lot of
resources but scanning fast.

-----Original Message-----
From: Justin Pryzby [mailto:justinpryzbyat_private]
Sent: Wednesday, May 21, 2003 5:00 PM
To: incidentsat_private
Subject: [ANNOUNCE] protocol watcher


I emailed the list previously asking if anyone knew of a way to
automatically accept and log all connections to a computer.  My thanks
to all that replied; unfortunately, I was unable to find exactly what I
wanted.  Since then, it occurred to me that this piece of software would
not be hard to write, so, three attempts later, it is written.

``Protowatch'' may be now be found on sourceforge:
[http://www.sf.net/projects/protowatch/].  It will work only for Linux
2.4/2.5, as it requires the iptables QUEUE target to dynamically run a
server (in userspace) for each unhandled packet.

It has not been well tested, but is a trivial piece of code.  I will be
in a better position to test it in two weeks; atm I am behind a home
router.

Questions, comments and flames are welcome.

Justin Pryzby

----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies
that are enforced to protect WLANs from known vulnerabilities and threats.
Learn to design, implement and enforce WLAN security policies to lockdown
enterprise WLANs.

To get your FREE white paper visit us at:
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------



----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------

Next message: Luciano Z: "cisco 7200 performance issue"
Previous message: Valdis.Kletnieksat_private: "Re: Scans from proxyprotector.com"
In reply to: Justin Pryzby: "[ANNOUNCE] protocol watcher"
Next in thread: Justin Pryzby: "Re: [ANNOUNCE] protocol watcher"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 22 2003 - 12:20:48 PDT