[66731] in North American Network Operators' Group
Re: sniffer/promisc detector
daemon@ATHENA.MIT.EDU (Alexei Roudnev)
Thu Jan 22 02:38:45 2004
From: "Alexei Roudnev" <alex@relcom.net>
To: <davei@algx.net>, <Michael.Dillon@radianz.com>
Cc: <nanog@merit.edu>
Date: Wed, 21 Jan 2004 23:38:52 -0800
Errors-To: owner-nanog-outgoing@merit.edu
>
> Yes. But making a bomber "stealth" means designing it to be difficult
> to detect by an opponent. It doesn't mean painting "I am Not a
> Bomber, I Am The Ice Cream Man" on the side and hoping nobody takes a
> second glance at it.
This works as well. 6 years ago we set up faked telnet services, which
writed out login/password and reported 'no more processes', run a few faked
telnet sessions (so that sniffers could record them) and then tracked an
attempts to login. 'I am ice cream man' is a pretty good idea.
Of course, if anyone will do it., Internet became some kind of 'Made man
house' (it is already, isn't it?)
