Damian Gerow wrote:
> But if the scan pulls up
> all 65535 ports open (this is a trick I've learned - it actually
> confuses Nmap so that the _real_ open ports are lost somewhere in the
> scan), the kiddie's probably going to back off, being incredibly
> confused.
This reminded me I a somewhat (legally) flawed idea I had in the past
which was to redirect all the probes back at the host that they were
coming from. This way the perpetrator would be scanning the machine that
(s)he is sitting on and wasting their time trying to break into their
own system.
The interesting part of this is if they are on a system that they
previously broke into you get to watch how they did it, as they are sure
to use the same old bag of tricks the second time around. Imagine their
surprise when they figure out what happened, as they are sitting there
staring at the same command prompt that they started out with after N
hours of effort! They might just leave that host alone from there on,
thinking that they are being watched and toyed with by someone smarter
than them self. I would love to see the expression on their face then.
--
Steve Coleman <[EMAIL PROTECTED]> http://www.jhuapl.edu/
High Performance, fault tolerant, distributed, real-time computing
<<-------->> Johns Hopkins Applied Physics Laboratory <<--------->>
Balt:443-778-6330 Fax:443-778-5597 Wash:240-228-6330 Fax:240-228-5597
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
