[66730] in North American Network Operators' Group
Re: sniffer/promisc detector
daemon@ATHENA.MIT.EDU (Alexei Roudnev)
Thu Jan 22 02:32:58 2004
From: "Alexei Roudnev" <alex@relcom.net>
To: <crist.clark@globalstar.com>
Cc: "Ruben van der Leij" <ruben-nanog@nutz.nl>, <nanog@merit.edu>
Date: Wed, 21 Jan 2004 23:32:59 -0800
Errors-To: owner-nanog-outgoing@merit.edu
I saw such scanners 6 years ago (amazingly, they could not determine very
old OS and very oold services...).
But, just again, no one use it in automated scans over the Internet. As I
was saying, port camuphlaging works as a very first line of defense - it
cuts 99% of all attacks and akllow you to deal with the rest 1%.
I'll measure time tomorrow... Such tools are usually very slow (and lost
20 - 50% of all packets, so to have a reliable result, you must scan host
2 - 4 times).
----- Original Message -----
From: "Crist Clark" <crist.clark@globalstar.com>
To: "Alexei Roudnev" <alex@relcom.net>
Cc: "Ruben van der Leij" <ruben-nanog@nutz.nl>; <nanog@merit.edu>
Sent: Wednesday, January 21, 2004 11:26 AM
Subject: Re: sniffer/promisc detector
> Alexei Roudnev wrote:
> >
> > Please, do it:
> >
> > time nmap -p 0-65535 $target
> >
> > You will be surprised (and nmap will not report applications; to test a
> > response, multiply time at 5 ).
>
> Yes. It will,
>
> http://www.insecure.org/nmap/versionscan.html
>
> --
> Crist J. Clark crist.clark@globalstar.com
> Globalstar Communications (408) 933-4387
