[Dshield] Msft Research

Jody J. Hietpas jodyh at iname.com
Thu Aug 18 04:02:34 GMT 2005

On Wed, Aug 17, 2005 at 08:40:46PM -0400, TheGesus wrote:
> This has been in my iptables startup for weeks:
> iptables -A INPUT -s research.microsoft.com  -j DROP
> see also:
> http://www.dshield.org/warning_explanation.php?fip=

I've been wondering how long the HoneyMonkey would be effective for them.  When their list of monkeys becomes known, it will severely limit its effectiveness.  We have already had a discussion about mapping the DShield sensors by sending crafted packets around the net to see what ends up in the reports. ( http://www.usenix.org/events/sec05/tech/bethencourt/bethencourt_html/ )  I'm guessing that we are spread over a much wider and more diverse section of the Internet than what Microsoft could use to hide their Monkeys.  Isn't it just a matter of time before the nastier exploits (the ones they really need to find) are coded to evade the Monkeys?

I think the project is a good idea.  I like that they are thinking of new ways to discover problems.  I don't think that they are in any way relying on this to find everything, but it gives them another data point.  Maybe they have already figured out ways to evade detection.  I just don't know how long they will be able to fight the war on this front.

perl -e'print "\n", pack("h*","a6f64697860496e616d656e236f6d6a0"), "\n\n";'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20050817/b45ee26d/attachment.bin

More information about the list mailing list