[geeks] fw

mattyml at daemons.net mattyml at daemons.net
Thu Jul 25 12:00:10 CDT 2002


On Thu, 25 Jul 2002, Jochen Kunz wrote:

> On Thu, Jul 25, 2002 at 04:01:58AM +0200, alex at r2e.lt wrote:
>
> > 100Mbit/s
> I have no experience with filtering that much data, but simple packet
> filtering like "only this IP with port 80, only that IP with port 22"
> should be OK.
>
> > > (i.e. a non-Linux OS)
> > Why?
> Because I don't like Linux. ;-)
> Because 99.999% of all this annoying script kiddies will fail with the
> usual Linux exploits. This is also the reason for not using a PeeCee.
> Guess what a PowerPC based Mac with NetBSD will say to a i386 code
> containing exploit?
> --

Security through obscurity is not a solution either. I read an interesting
article about detecting remote OSs, and injecting payloads based on this
reconnaissance. If you can make a probable guess, and find an OS,
determining where to stick your payload on the stack is easy.  You could
also cycle through shellcode for 20 platforms and inject accordingly :)

- Ryan



More information about the geeks mailing list