[Leaplist] will this work with IPCop
Randall Perry
randallp at hcrn.info
Wed Jan 9 19:25:41 GMT 2008
On 1/9/08, John Kramer <jakramer at ascenditsolutions.com> wrote:
> Very interesting concept and I definitely give points to the originator.
> However, what does the extra trouble really buy you? The real threat to the
> attacker is the blacklist. A randomly shifting port is just one means of
> detecting an attack. Identifying multiple failed login attempts occurring
> within a specified time period (perhaps even simultaneously) from a given IP
> address is another means of detecting an attack. Both approaches id the
> attacking address and blacklist it - however one is much easier on the
> legitimate user and this advantage over shimmering should be multiplied by the
> number of legitimate users accessing the machine.
>
> Am I missing something here?
Yes, the point of Shimmer is to pseudo-cloak a device on the network.
Akin to port knocking (the author of Shimmer also created Tumbler--a
port knocking app).
The point is to take your existing services in one pile (including
fake services and honey traps), have your port list in another pile.
The 2 piles diverge in what appears to be chaotic (at least to the
outside world) resulting in a Forrest Gump chocolate mess. You never
know what you're gonna git.
It really isn't chaotic, though. The port shuffling is accomplished
by a cryptographic technique that is understood by both the server you
are protecting and the client machine from where you want to connect.
It's a clever hack at trying to cloak a server that must have
listening ports opened up.
--
*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.
Randall Perry
Hope Crisis Response Network
www.hcrn.info
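
The idea discussed in this message, as an added sketch that is not part of the original thread and is not Shimmer's actual algorithm: server and client derive the same port order from a shared secret and the current time window, and any source that touches a decoy port is blacklisted. The secret, port block, window length and the `Gate` class are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"   # assumption: pre-shared by server and client
PORT_BASE, PORT_COUNT = 20000, 16     # assumption: block of 16 candidate ports
WINDOW = 60                           # assumption: ports reshuffle every 60 s


def port_order(secret: bytes, now: float) -> list[int]:
    """Keyed shuffle of the port block for the time window containing `now`."""
    window = struct.pack(">Q", int(now) // WINDOW)
    ports = range(PORT_BASE, PORT_BASE + PORT_COUNT)
    # Sort by an HMAC tag per port: without the secret the order looks random.
    return sorted(ports, key=lambda p: hmac.new(
        secret, window + struct.pack(">H", p), hashlib.sha256).digest())


def real_port(secret: bytes, now: float) -> int:
    """The one port carrying the real service; the rest are decoys."""
    return port_order(secret, now)[0]


class Gate:
    """Server side: forward the real port, blacklist anyone touching a decoy."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.blacklist: set[str] = set()

    def connect(self, src_ip: str, port: int, now: float) -> str:
        if src_ip in self.blacklist:
            return "drop"
        if port == real_port(self.secret, now):
            return "forward"
        self.blacklist.add(src_ip)
        return "blacklisted"


if __name__ == "__main__":
    t = 1_199_906_741                             # constructed timestamp
    gate = Gate(SECRET)
    good = real_port(SECRET, t)                   # client computes the same port
    decoy = next(p for p in port_order(SECRET, t) if p != good)
    print(gate.connect("192.0.2.10", good, t))    # legitimate client
    print(gate.connect("203.0.113.5", decoy, t))  # scanner hits a decoy
    print(gate.connect("203.0.113.5", good, t))   # dropped even on the real port
```

A deployment along these lines would also need to tolerate clock skew between client and server, for example by accepting the previous window's port for a short grace period.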