On Thu, Apr 10, 2003 at 06:07:41PM -0400, waltdnes@xxxxxxxxxxxx wrote:
> I'm sure everyone here has seen lots of SYN packets in their logs,
> trying to connect to various ports they shouldn't be talking to. I
> don't run any public servers, and I use passive ftp, so I simply block
> all connection attempts. The general procedure is to drop the packet
> and ignore it. What would be the effect of sending back a SYN-ACK
> packet (and anything else necessary?) to fake the setting up of a
> connection... and then dropping the packet and ignoring it?

Please check freshmeat for the following references:

	honeyd
	labrea
	arpd
	portsentry
	deception toolkit

I think you will find more than you ever imagined.

> Would an infected machine scanning the net eventually run into
> resource limits and DOS itself? I'm sure that professional crackers
> can work around this, but if we can make things a bit more painful for
> skiddies and automatic worms, then let's do it.

> Can such trickery be pulled off with a current bog-standard iptables,
> or does someone need to write a new "target"?

Use a user space bodger. You can do much more amusing things that way.
Honeyd can even fool nmap into thinking it is different operating systems.

> --
> Walter Dnes <waltdnes@xxxxxxxxxxxx>
> An infinite number of monkeys pounding away on keyboards will
> eventually produce a report showing that Windows is more secure,
> and has a lower TCO, than linux.

	Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw@xxxxxxxxxxxx
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois: MHW9       |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
Attachment:
pgp00408.pgp
Description: PGP signature
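The thread starts from SYN packets showing up in firewall logs. Before deciding whether to tarpit anything, it helps to separate a genuine port sweep from an ordinary retried connection, and that is something the logs already give you. The script below is an added example, not code from either poster or from any of the tools named above; it assumes the iptables LOG target's line format (SRC=, PROTO=, DPT= fields and TCP flag names printed as separate tokens, so a SYN-ACK appears as "ACK SYN") and works on a constructed sample of such lines embedded inline. It groups bare SYNs by source address and reports sources that touched at least a threshold number of distinct ports.

```python
import re
from collections import defaultdict

# Constructed sample of iptables LOG lines (not taken from the original thread).
# 192.0.2.10 probes six different ports; 203.0.113.7 merely retries one port.
# One line is a SYN-ACK ("ACK SYN") and one is UDP; both must be ignored.
SAMPLE_LOG = """\
Apr 10 18:01:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=112 ID=1 DF PROTO=TCP SPT=1035 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 10 18:01:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=112 ID=2 DF PROTO=TCP SPT=1036 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 10 18:01:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=112 ID=3 DF PROTO=TCP SPT=1037 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 10 18:01:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=112 ID=4 DF PROTO=TCP SPT=1038 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 10 18:01:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=112 ID=5 DF PROTO=TCP SPT=1039 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 10 18:01:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=112 ID=6 DF PROTO=TCP SPT=1040 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 10 18:01:05 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=112 ID=7 DF PROTO=TCP SPT=80 DPT=1041 WINDOW=16384 RES=0x00 ACK SYN URGP=0
Apr 10 18:02:10 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=52 ID=8 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 10 18:02:13 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=52 ID=9 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 10 18:02:20 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TTL=52 ID=10 PROTO=UDP SPT=50000 DPT=53 LEN=58
"""

# Only the fields we need; "\b" keeps SPT= from matching DPT=.
FIELD_RE = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")


def parse_syn(line):
    """Return (src, dport) for a bare TCP SYN (SYN set, ACK clear), else None."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP" or "SRC" not in fields or "DPT" not in fields:
        return None
    # Assumed LOG format: flag names are whitespace-separated tokens,
    # so a SYN-ACK reply line carries both "ACK" and "SYN".
    flags = set(line.split())
    if "SYN" not in flags or "ACK" in flags:
        return None
    return fields["SRC"], int(fields["DPT"])


def find_scanners(lines, min_ports=5):
    """Group bare SYNs by source; keep sources that hit >= min_ports distinct ports."""
    ports_by_src = defaultdict(set)
    for line in lines:
        parsed = parse_syn(line)
        if parsed:
            src, dport = parsed
            ports_by_src[src].add(dport)
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) >= min_ports}


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src} probed {len(ports)} distinct ports: {ports}")
```

Run against the sample, only 192.0.2.10 is reported; the host retrying port 22 stays below the threshold, and the SYN-ACK and UDP lines are skipped. Tune min_ports to your own traffic: a single retried SYN is normal, a spread across unrelated ports in a few seconds is the pattern worth feeding to portsentry or a honeypot.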