[Dshield] Msft Research
Jody J. Hietpas
jodyh at iname.com
Thu Aug 18 04:02:34 GMT 2005
On Wed, Aug 17, 2005 at 08:40:46PM -0400, TheGesus wrote:
> This has been in my iptables startup for weeks:
> iptables -A INPUT -s research.microsoft.com -j DROP
> see also:
I've been wondering how long the HoneyMonkey would be effective for them. When their list of monkeys becomes known, it will severely limit its effectiveness. We have already had a discussion about mapping the DShield sensors by sending crafted packets around the net to see what ends up in the reports (http://www.usenix.org/events/sec05/tech/bethencourt/bethencourt_html/). I'm guessing that we are spread over a much wider and more diverse section of the Internet than what Microsoft could use to hide their Monkeys. Isn't it just a matter of time before the nastier exploits (the ones they really need to find) are coded to evade the Monkeys?
I think the project is a good idea. I like that they are thinking of new ways to discover problems. I don't think that they are in any way relying on this to find everything, but it gives them another data point. Maybe they have already figured out ways to evade detection. I just don't know how long they will be able to fight the war on this front.
perl -e'print "\n", pack("h*","a6f64697860496e616d656e236f6d6a0"), "\n\n";'