% I am not sure you could cover all possibilities of a configuration with 
 % probing for anything more complex than a very simple system.  I think 
 % you need some outside information to guide the probing (e.g. why the 
 % system was set up a certain way, time based dependencies).  When I was 
 % working in the private sector, there were systems that you could never 
 % figure out what happened until you went through an entire yearly cycle 
 % (e.g. month-end, quarter-end, year-end).  You could set up a system to 
 % reproduce the yearly cycle with historical data, but then that is not 
 % just probing a live system.


 While it is true that any system can be tied into arbitrarily complex
 knots, from the outside it generally has to present a narrow set of 
 services. This assumes we are talking about a server providing services.

 But most of the knots seem to be partitionable into problem spaces.
 I.e., the webserver is different than the accounting package, which is
 different than the mail package. But there are some expected relationships.
 I.e., the accounting package uses both the webservices and the mail services,
 but this is generally through a known API. Or at least through a small number
 of countable APIs.

 Since we know something about the structure, and we know the kinds
 of things that are possible, it should be possible to write software that
 finds signatures.

 I was looking at honeyd yesterday. It is a honeypot system that creates
 virtual networks including external signatures to trick people with.

 In the same way, it should be possible to look for similar kinds of 
 signatures which guide exploration.


 Let's switch gears... Let's assume we were building an expert system
 to learn how a system admin dissects a unix system to understand what it
 does. And we put a team of people watching you as a system admin
 probing a system. And they ask you, why did you look there? And what
 is the goal of that test? And they build a set of descriptions
 of tests and explorations....

 Is it possible to model that human behavior of exploring a
 unix system that is unknown?







John Sechrest          .         Helping people use
                        .           computers and the Internet
                          .            more effectively
                             .                      
                                 .       Internet: [EMAIL PROTECTED]
                                      .   
                                              . http://www.peak.org/~sechrest
_______________________________________________
lssconf-discuss mailing list
lssconf-discuss@inf.ed.ac.uk
http://lists.inf.ed.ac.uk/mailman/listinfo/lssconf-discuss
