[Courses] [Security] return RST

Raven, corporate courtesan raven at oneeyedcrow.net
Thu Mar 28 02:45:48 EST 2002


Heya --

Quoth coldfire (Wed, Mar 27, 2002 at 02:35:39AM -0500):
> not to flag myself as a blackhat or anything ;p .. but when i see a
> firewall, i say to myself, "i wanna see if i can break this."  but i would
> want to do so just to learn, circumvent protection .. that kind of thing.
> i can imagine that if it was someone with malicious intent, they would 
> target the quickest and easiest machine.

	I think it probably depends on the malicious intent.  [grin]
Your run of the mill script kiddie is generally looking for two things.
1) to compromise the most machines possible, and 2) to "get" the people
that have pissed them off.  If you haven't somehow ticked off the script
kiddie, they'll usually go looking for easier prey.  (Note that ticking
off a script kiddie can be as easy as "somebody said that somebody else
said that you said something bad about me", when you said no such thing,
or successfully locking them out of a machine that they once had broken
into.)

	If you have a more skilled black hat, the firewall probably
won't dissuade them.  But it should make their job harder.
 
> but if you're on the same network as a scanning machine, you can figure
> out whether a host is up or not regardless of it's firewall policy.
 
	How?  Put your port in promiscuous mode and sniff the network
for traffic with that IP in general?  Or did you have something else in
mind?

Cheers,
Raven 
 
"If cryptography is outlawed, only eoriy oaishd qriou lahsflk asad!"
  -- Yad, on the work mush



More information about the Courses mailing list