[sf-lug] Advantages of distro package regimes

[Kristian Erik Hermansen]

On Dec 26, 2007 4:09 PM, Charles N Wyble <charles at thewybles.com> wrote:
> I am well aware of that. I am not some newbie. I have handled a number
> of security incidents at various organizations.

That is a great learning experience for sure on the side of the
defender.  Have you ever played the attacker role?  It takes a
different mind set.  Many people are better at it than I am, and
probably you as well.  Some have been doing it since pre-teen years...

> I am well aware of peer review and bug fixing. You don't need to point
> that out to me. I have led several enterprise software projects and a
> couple open source ones.

The discussion was meant for the list, and not merely for you.  Anyone
can participate, so please don't make it seem as if I were
trivializing your experience...

> Yes they do. And its something to keep an eye out for. Some people have
> automated checks in place for this sort of thing, depending on there
> threat profile etc.

Of course it is very easy to detect this activity.  I was not trying
to be stealthy in my scanning.  Note the -T5 option and use of a
common tool rather than some customized code...

> Have you ever heard of a honeypot? The nmap output below is quite common
> on systems that are running honeypot software.

Sure, and I have seen many talks by Lance Spitzner.  They still won't
defend against social engineering the DNS updates :-P
-- 
Kristian Erik Hermansen
"I have no special talent. I am only passionately curious."