[Leaplist] will this work with IPCop

[Mr. Brunkow]

Randall Perry wrote:
> On 1/9/08, John Kramer <jakramer at ascenditsolutions.com> wrote:
>   
>> Very interesting concept and I definitely give points to the originator.
>> However, what does the extra trouble really buy you?  The real threat to the
>> attacker is the blacklist. A randomly shifting port is just one means of
>> detecting an attack. Identifying multiple failed login attempts occuring
>> within a specified time period (perhaps even simultaneously) from a given IP
>> address is another means of detecting an attack. Both approaches id the
>> attacking address and blacklist it - however one is much easier on the
>> legitimate user and this advantage over shimmering should multiplied by the
>> number of legitmate users accessing the machine.
>>
>> Am I missing something here?
>>     
> Yes, the point of shimmer is to pseudo cloak a device on the network.
> Akin to port knocking (the author of Shimmer also created Tumbler--a
> port knocking app)
>
> The point is to take your existing services in one pile (including
> fake services and honey traps), have your port list in another pile.
> The 2 piles diverge in what appears to be chaotic (at least to the
> outside world) resulting in a Forest Gump chocolate mess. You never
> know what you're gonna git.
>
> It really isn't chaotic, though.  The port shuffling is accomplished
> by a cryptographic technique that is understood by both the server you
> are protecting and the client machine from where you want to connect.
>
> It's a clever hack at trying to cloak a server that must have
> listening ports opened up.
>
>   
ok but as john pointed out do you have to open all of those ports in the 
firewall (IPCop) for it to work?

-- 
Raymond L. Brunkow
5th Degree Black Belt
Chief Instructor and Owner
Sun State Martial Arts
(407) 786-2525

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.leap-cf.org/pipermail/leaplist/attachments/20080109/8d621a29/attachment-0001.html