[geeks] fw
mattyml at daemons.net
mattyml at daemons.net
Thu Jul 25 14:49:56 CDT 2002
On Thu, 25 Jul 2002, Greg A. Woods wrote:
> [ On Thursday, July 25, 2002 at 13:00:10 (-0400), mattyml at daemons.net wrote: ]
> > Subject: Re: [geeks] fw
> >
> > Security through obscurity is not a solution either. I read an interesting
> > article about detecting remote OSs, and injecting payloads based on this
> > reconnaissance. If you can make a probable guess, and find an OS,
> > determining where to stick your payload on the stack is easy. You could
> > also cycle through shellcode for 20 platforms and inject accordingly :)
>
> Except in this case it's not "security by obscurity" -- it's security by
> knowing and understanding the limitations of the skills of known
> attackers and using that in your risk assesment.
>
I would have to disagree. You are using an OS and platform that is non
standard, as far as readily available attack scripts go. How is this any
different than running ssh on port 1001? That is non standard also, and
will break most of the available attack scripts. I still think you are
trying to obscure your platform to achieve security. From a "smart"
attackers point of view, the OS and platform it resides on is irrelevant.
If I was looking to exploit NetBSD on a SPARC, I would look to inject
sparc assembly instructions based on reconnaissance and probing. Not to
say using a different OS and paltform is bad, *I* just feel it is
obscuring
things.
More information about the geeks
mailing list