Tack, that is outright scary.
On Thu, 31 May 2001, Erik Curiel wrote:
>
> Well, shit, even if no one else is doing it yet, it sounds like a pretty
> good idea to me! I say we do it.
>
> E
>
> On Thu, 31 May 2001, Daniel Trudell wrote:
>
> > ok, so maybe this could be called "entry n in the diary of a
> > /var/log/messages junkie"
> >
> > Gnutella's port is 6346. As a brief refresher....gnutella is like napster
> > with no central server. every peer is also a search server.
> >
> > So anyway....it's fairly distributed, and you can make your own client,
> > seeing as how the protocol is open source. Well, a common way to beat
> > intrusion detection is to do each probe from a separate IP. I've started
> > to see denied packets (oh miraculous tcpwrappers, I worship thee) in my
> > logs with a source port of 6346 (gnutty) and high level dest ports
> > corresponding to various proxy servers.
> >
> > So with enough paranoia, tequila and inference it becomes possible that
> > people are using gnutella to distribute the sources of sweeps and scans,
> > thereby beating IDS's. It is also possible that a gnutty client out there
> > has a very aggressive discovery phase implementation.
> >
> > Anybody noticed anything similar? It seems much more efficient than
> > cracking boxen to launder identity...dupe people into running your scanner
> > in the background by giving them trojaned gnutella clients...or at least
> > superimposing your probe on top of a gnutella request.
> >
> > tack
> >
> > -------------------------------------------------------
> > "My Penguin style Kung-Fu will beat your Redmond style"
> >
> >
>
>
--
--------------------------
sach jobb
sugoi consulting
1177 polk street
san francisco, ca
94109
--------------------------
415.345.8872 (w)
415.345.8871 (f)
415.336.3128 (c)
[EMAIL PROTECTED]
http://voltron.gaffle.com
--------------------------
%s/windows/linux/g
"Hacker /n./: ...7. One who
enjoys the intellectual
challenge of creatively
overcoming or circumventing
limitations."
--Jargon File 4.1.2
(http://www.tuxedo.org/~esr/jargon/)
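
Added example, not part of the original thread: one way to check firewall logs for the pattern described above, where many distinct sources with source port 6346 hit proxy ports on one host. The log layout (key=value fields in the style of the netfilter LOG target, abbreviated), the proxy port list, the threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

GNUTELLA_PORT = 6346             # source port reported in the thread
PROXY_PORTS = {1080, 3128, 8080} # assumption: SOCKS, Squid, HTTP proxy
MIN_SOURCES = 3                  # assumption: distinct peers before flagging

FIELD = re.compile(r"\b(SRC|DST|SPT|DPT)=(\S+)")

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
May 31 02:14:07 fw kernel: DENY IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=6346 DPT=8080
May 31 02:14:09 fw kernel: DENY IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=6346 DPT=3128
May 31 02:14:12 fw kernel: DENY IN=eth0 SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=6346 DPT=1080
May 31 02:14:15 fw kernel: DENY IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=6346 DPT=8080
May 31 02:15:01 fw kernel: DENY IN=eth0 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=8080
May 31 02:16:30 fw kernel: DENY IN=eth0 SRC=203.0.113.8 DST=192.0.2.11 PROTO=TCP SPT=6346 DPT=8080
May 31 02:20:00 fw sshd[411]: refused connect from 203.0.113.8
"""

def parse(line):
    """Return (src, dst, sport, dport), or None for lines without all four fields."""
    f = dict(FIELD.findall(line))
    try:
        return f["SRC"], f["DST"], int(f["SPT"]), int(f["DPT"])
    except (KeyError, ValueError):
        return None

def distributed_probes(log_text, min_sources=MIN_SOURCES):
    """Map each local host to the distinct peers that probed its proxy ports
    from source port 6346, keeping hosts probed by at least min_sources peers."""
    sources, ports = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, spt, dpt = rec
        if spt == GNUTELLA_PORT and dpt in PROXY_PORTS:
            sources[dst].add(src)
            ports[dst].add(dpt)
    return {dst: {"sources": sorted(srcs), "ports": sorted(ports[dst])}
            for dst, srcs in sources.items() if len(srcs) >= min_sources}

if __name__ == "__main__":
    for host, hit in distributed_probes(SAMPLE_LOG).items():
        print(host, hit["ports"], "from", len(hit["sources"]), "peers")
```

The source port is whatever the sender sets, so a match shows what the packet claims, not which program sent it.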