sniffer/promisc detector

Mine too. So nmap sucks if you want to quickly identify daemons running


strange ports. No big deal. This discussion wasn't about nmap to start


The point of the discussion was whether it made sense to run services on
non-standard ports to deter cr4x0rs. And I feel it doesn't.

Actually, the point of the discussion was whether security
through obscurity (A.K.A. camouflage techniques) is a legitimate
tool in the security arsenal.

As long as a sshd yells "SSH-1.99" at you the moment you connect to its
port there's no hiding sshd.

Like I said, ... camouflage ...
It doesn't stop with port numbers. And if you do camouflage the real
SSH and run a honeypot on port 22 that looks like SSH, where do you
think the haxors will put their attention first?

A well-tuned iptables or equivalent, on the other hand, might hide the
presence of daemons completely for anyone except the designated users.


is that for obscurity?

Great idea. The whole point of camouflage and obscurity techniques
is to confuse observers/attackers and this fits the bill.

I agree that security through obscurity should always be backed up
with real hardening where possible, but I also believe that multiple
techniques working in synergy is best.

--Michael Dillon
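
An added example, not part of the original post: a small audit helper illustrating the remark quoted above that an sshd identifies itself on connect whatever port it listens on. It parses the SSH identification string (format from RFC 4253 section 4.2) out of the first bytes a service sent. The port numbers, the `ExampleSSH` software names and the captured bytes are constructed sample data, and the function names are hypothetical.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# Neither version field may contain whitespace or a minus sign.
_IDENT = re.compile(rb"SSH-(\d+\.\d+)-([^\s-]+)(?: (.*))?")

def parse_ident(first_bytes):
    """Return (protoversion, softwareversion), or None if no SSH identification.

    A server may send other lines before its identification string,
    so every line is checked, not only the first.
    """
    for line in first_bytes.split(b"\n"):
        m = _IDENT.fullmatch(line.rstrip(b"\r"))
        if m:
            return m.group(1).decode("ascii"), m.group(2).decode("ascii")
    return None

def audit(observations):
    """observations maps port -> first bytes received from your own host.

    Returns (port, protoversion, softwareversion, note) for every port
    whose greeting is an SSH identification, regardless of port number.
    """
    findings = []
    for port, data in sorted(observations.items()):
        ident = parse_ident(data)
        if ident is None:
            continue
        proto, software = ident
        if proto == "1.99":   # RFC 4253 section 5.1: compatibility with old versions
            note = "SSH-2 server that also accepts SSH-1 clients"
        elif proto == "2.0":
            note = "SSH-2 only"
        else:
            note = "legacy protocol version"
        findings.append((port, proto, software, note))
    return findings

# Constructed sample greetings (not captured from any real host).
SAMPLE = {
    22: b"SSH-2.0-ExampleSSH_1.0\r\n",
    25: b"220 mail.example.test ESMTP\r\n",
    2222: b"SSH-1.99-ExampleSSH_0.9 legacy-compat\r\n",
    8022: b"Authorized use only\r\nSSH-2.0-ExampleSSH_1.0\r\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
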