lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: measl at mfn.org (J.A. Terranson) Subject: SNMP Broadcasts On Thu, 15 Jul 2004, Martin Wasson wrote: > From: Martin Wasson <marto@...htingillini.com> ^^^^^^^^^^^^^^^^^^ What's stopping you from using your, um, more common address? > >>This is not, *technically* SNMP, as it is not using it's assigned ports. > >>This is a variant, and interestingly, that port is assigned to > >> > >> empire-empuma 1691/tcp empire-empuma > >> empire-empuma 1691/udp empire-empuma > >> > >>Unless Sysedge is the decendant of "empire-empuma", it doesn't belong > >>there either > >>Unfortunately, the odds of this kind of newbie being able to > >>successfully utilize it are slim. Still, if he is going to ask for > >>help with odd packets, he must be able to document them, and this is > >>the standard way to do so. Before going further - I had to re-wrap your text, as it was full of looooooonnnnngggggggg lines. Any inadvertent errors introduced are strictly your fault for using M$-ware :-) > Oh, I get it. So if root executes "sshd -p 45522" --this is not > *technically* ssh, right? If sshd is running on 45522 it's a back door Marty :-) And no, in this case, pedantic or not, it's not "ssh" as is commonly accepted. > Learn that at MCSE school? ;o) Heh heh. > Just kidding. Just for the record, since we *are* public here, and full of the Spirit Of Full-Disclosure, let's note that you are the only MCSE here. It'll be a cold day in hell before I pay for anything Micro$loth. > But really, precisely what protocol does it become on > port 45522? What if the only "Listen" directive in my httpd.conf says: > "Listen 45580"? Is it *technically* not an http server? It is at that point a service, running on the specified port, which happens to process the HTTP protocol. > And you're flaming newbies? Come on, Alif. Give the guy a break, will > you? And *here* we finally come to the only valid argument. One which I generally agree with BTW, and in fact one I had two long conversations about yesterday. The only truly valid point that *I* can muster in my own defense here was the forum Mr. Knob chose for his polemic: FD. Had this missive come across a newbies list like "incidents", he'd have likely received what he really needed - some serious help in understanding enough of his system to be able to just describe his problem. But he didn't post this to a newbies "helpme" forum. He [unwisely] posted this to FD. And he did it on the same day some crackpot newbie MCSE moron kept telephoning me that "your MAC addresses are attacking me". Yes, you read that right. I own an OUI, and some moron decided that some random number somewhere was in fact an indicator that I was (a) attacking him with a device using that OUI (theoretically possible, but puhleeze), and that (b) he could see my OUI clearly in the TCP headers (forwarded across multiple router hops, of course!). So, Mr. Knob became the unwitting and unwilling recipient of my days frustration with the latest crop of the Endless Summer. Is he due an apology? Maybe - I'm genuinely not certain, and as I said, I've actually discussed it with two people (both on this list). Do I care? No. Not in the least. Posting something like that as a factual statement, in what amounts to an experts forum, will get you bitch-slapped. Please note that we *all* have done similar - and as I pointed out to my friend last night, I thank god that DejaGoogle hadn't yet been born when I made early appearances upon the world's stage of Stupid Newbie Tricks - but that doesn't really matter here. Hell, I'm still not even certain that Knob's post wasn't a troll! Either way - I am unapologetic. I was *almost* apologetic yesterday, but, that was then, and this is now. > He'll learn to ask the right questions, and give you what you need to > help him. And I sent him off in that direction, with a mission to find Ethereal. My gift :-) > Someday we're gonna need this guy to help the newbies that > come after him. Do we really want to teach him that the way to do that > is through insults and abuse until the newbie asks the questions the way > HE wants them asked? In a forum such as this - yes. I'm serious Marty. You know me: I receive several thousand emails a day, I parse quickly, and I adjust to the environment: I have sent many a newbie down The One True Path. But I won't do that here - I have a hard enough time sifting through Len's little sludge factory as it is. > You're a better man than that. You've been around > a long time, and it's easy to take ALL of that experience and knowledge > for granted. You know who that often sets up unreasonable expectations > of the wide-eyed does just coming up. Wide eyed Bambi's who wander onto highways get hit, and often killed. Papa Bambi needs to get his kid off the roadbed. > When Mr.muthanna tried to help, and corrected you, he did it with class What? I don't get any points for a gracious acknowledgement he was right? Fer Shame Marty! > and a genuine interest in helping. I applaud him for that. As do I, in priciple. But you know what? He also has encouraged this guy to post again. That's one more email for us to sift through. No thanks. That's not what I sub to this list for, nor is it even what this list is *chartered* for. > Billybob is > looking at his external interface and trying to figure out who's trying > to get in, right? So he's at least headed in the right direction. > Let's support that instead of stomping on him for being new. The people > to flame are the lazy, windows-licking dumbasses who aren't asking for > help. Don't ask me for help on something fundamentally basic in a forum dedicated to the discussion of other things. He just learned the Most Important Lesson On The Internet: There is a place for everything, and they are not interchangeable. > I hope all is well with you, and often wonder how you're doing. I'm kicking back, relaxing after my Savvis stint (yes, for the sixteen people who haven't yet heard, I'm no longer running OpSec at Savvis). Money's not as good running solo (I'm making about half my old salary), but I'm also not doing call anymore, haven't worked more than 4 hours in any one day since I left, and take three days off *every* week. So I guess things are Good :-) But then, This Is Not The Place For This Discussion (tm). > Additionally, Sysedge is an SNMP Management Product marketed > by (Concord)Empire Technologies, and it does belong on port 1691. Exactly! It's an SNMP-like product, which is why it has it's own WKP. In fact, you can't GET a WKP unless your protocol is somehow unique, and you have to submit your protocol detail (under NDA) in order to *get* a WKP. This is *not* SNMP on 1691. It is an SNMP-like protocol, on it's own WKP of 1691. > Best Regards, > > Marto //Alif -- Yours, J.A. Terranson sysadmin@....org "...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There aught to be limits to freedom!" George Bush - - - Which one scares you more?
Powered by blists - more mailing lists