[Dshield] little experiment

simon raven simon at nuit.ca
Tue Mar 1 20:08:27 GMT 2005


On Mon February 28, 2005 20:41, Paul Marsh wrote:


> 
> I set up a little experimental site that tries to do a couple simple
> security checks based on browser id and such, and a portscan. I do need
> a couple more people to see if it works / is helpful.
> 
> http://www.amihacked.com is the URL. Let me know if it works or where it
> breaks. One of the goals is also to make some of the dshield information
> a bit more accessible. We already have the 'are you hacked' banner, but
> it's a bit limited when it comes to the next step ("Why is the banner
> flashing at me?").
> 
> thanks for any feedback.

woohoo, snort lighting up like an x-mas tree, and my firewall log filling up 
like it was hungry for the stuff. yes i did the port scan ;). worked well. 
gotta give 5 points for grsec:

No OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SInfo(V=3.48%P=i386-redhat-linux-gnu%D=3/1%Time=4224C9C7%O=21%C=-1)
TSeq(Class=TR%IPID=RD%TS=1000HZ)
T1(Resp=Y%DF=Y%W=15E0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=N)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)

not even close. it's not a redhat box, it's not an x86 box. oh, and i'd 
consider upgrading the version of nmap there, if "SInfo(V=3.48" is an 
indication (i have 3.75 installed here).