On 11/25/09 10:45, Garrett D'Amore wrote:
> ...
>
> This is totally different from nmap, btw. IIUC, nmap does scans to
> passively identify potential weaknesses. I don't think it actually
> has any *exploits* for them. (Put another way, I don't think "nmap"
> used solely by itself can do serious harm. I think yersinia is quite
> different. I think their choice of name is suitably apropos -- naming
> after the black plague.)
>
> I feel strongly enough about this that I'm going to derail.
Let me summarise the differences that I see:

* I can use nmap from my workstation at Sun to remotely probe and test a host connected to the Internet anywhere in the world for services that it provides and might be vulnerable, all the while looking like it is Sun doing that;

* I can use yersinia to at most disrupt traffic on SWAN, but more likely this would be restricted to the LAN segment I'm on at Sun.

Whilst the primary raison d'être for both might be different, so too is the scope of their aid to someone undertaking nefarious activity. yersinia isn't going to help you break into a remote host, but it might help you become the man in the middle when you otherwise wouldn't have. Even then it only threatens unencrypted traffic or encrypted traffic without peer authentication. It is also a possible threat when the trust relationship between two hosts does not involve cryptography.

I think that derailing this case is an over-reaction, primarily because it has been seen as an "attack" tool without properly considering what the scope of its potential targets is.

Darren