[nycphp-talk] Basic security question

Jon Baer jonbaer at jonbaer.net
Sat Jul 17 01:22:40 EDT 2004


Hans Zaunere wrote:

| Personally, I don't.  Plain and simple, it's so easy to determine your
| platform just by looking at the TCP/IP packets (called OS
| fingerprinting).  Besides that, there are so many ways a box leaks its

So true ...

Practically the only real thing you can do from a security perspective is
to virtually "listen" to the mailing lists which get the word out,
things like Bugtraq, FullDisclosure, OSVDB, and others.

There are tons of projects in the works (aka "Sourceforged") that try
packet mangling for your box to prevent OS fingerprinting (like Morph)
in which even the authors have a very tough time hiding details from
passive OS sniffing because your packets just get out there w/ a lot of
detail.

For Linux there are items like IPpersonality kernel patches which can
fool the stack but not sure it's worth going through all that trouble.
I've "studied" the security area for a while now, the honeynets/rootkits
and other cat/mouse trickery are pretty interesting topics.

I find that you can't really arm yourself with a "one software package
does it all" defense approach + your only *real* defense is better
knowledge of security as a whole.  So beyond going undercover and
mingling w/ the folks writing the exploits, joining those lists gives
early insight.

Oh, and BTW another interesting topic you might be interested in, Port
Knocking ... www.portknocking.org

The concept: A port remains closed and waits for a secret knock sequence
on closed ports before opening itself.

- Jon

--

pgp key: http://www.jonbaer.net/jonbaer.asc
fingerprint: F438 A47E C45E 8B27 F68C 1F9B 41DB DB8B 9A0C AF47
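The knock-sequence concept mentioned at the end of the message above, as an added example (not part of the original post and not code from portknocking.org): a per-source state machine of the kind a knock listener runs over firewall log entries for closed ports. The knock ports, the time window, and the log events are constructed assumptions.

```python
# Added illustration: per-source knock-sequence state machine.
# KNOCK_SEQUENCE, WINDOW_SECONDS and SAMPLE_EVENTS are constructed assumptions.

KNOCK_SEQUENCE = (7000, 8000, 9000)   # closed ports that must be hit in order
WINDOW_SECONDS = 10                   # whole sequence must finish in this time


class KnockTracker:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = tuple(sequence)
        self.window = window
        self.progress = {}            # src_ip -> (knocks matched, time of first knock)

    def observe(self, ts, src_ip, dst_port):
        """Feed one dropped-connection event; True when src_ip completes the knock."""
        idx, start = self.progress.get(src_ip, (0, ts))
        if idx and ts - start > self.window:
            idx, start = 0, ts        # too slow: forget partial progress
        if dst_port == self.sequence[idx]:
            idx += 1
        elif dst_port == self.sequence[0]:
            idx, start = 1, ts        # wrong port, but it restarts the sequence
        else:
            idx = 0                   # any other port resets (so a port sweep fails)
        if idx == 0 or idx == len(self.sequence):
            self.progress.pop(src_ip, None)
            return idx != 0
        self.progress[src_ip] = (idx, start)
        return False


def authorized_sources(events):
    """Return source IPs that completed the knock, in order of completion."""
    tracker = KnockTracker()
    return [ip for ts, ip, port in sorted(events) if tracker.observe(ts, ip, port)]


# Constructed firewall-log events: (timestamp_seconds, source_ip, destination_port)
SAMPLE_EVENTS = [
    (0, "198.51.100.7", 7000), (1, "198.51.100.7", 8000), (2, "198.51.100.7", 9000),
    (3, "203.0.113.9", 7000), (3, "203.0.113.9", 7001),   # sweep hits a wrong port
    (4, "203.0.113.9", 8000), (4, "203.0.113.9", 9000),
    (5, "192.0.2.5", 7000), (6, "192.0.2.5", 8000), (30, "192.0.2.5", 9000),  # too slow
]

if __name__ == "__main__":
    print(authorized_sources(SAMPLE_EVENTS))
```

A fixed sequence like this travels in cleartext and can be replayed by anyone who observes it, so it sits in front of the service's own authentication rather than replacing it.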


