lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040715160030.J17279@ubzr.zsa.bet>
From: measl at mfn.org (J.A. Terranson)
Subject: SNMP Broadcasts

On Thu, 15 Jul 2004, Martin Wasson wrote:

> From: Martin Wasson <marto@...htingillini.com>
                             ^^^^^^^^^^^^^^^^^^

What's stopping you from using your, um, more common address?


> >>This is not, *technically* SNMP, as it is not using it's assigned ports.
> >>This is a variant, and interestingly, that port is assigned to
> >>
> >>		 empire-empuma   1691/tcp    empire-empuma
> >>		 empire-empuma   1691/udp    empire-empuma
> >>
> >>Unless Sysedge is the decendant of "empire-empuma", it doesn't belong
> >>there either
> >>Unfortunately, the odds of this kind of newbie being able to
> >>successfully utilize it are slim.  Still, if he is going to ask for
> >>help with odd packets, he must be able to document them, and this is
> >>the standard way to do so.

Before going further - I had to re-wrap your text, as it was full of
looooooonnnnngggggggg lines.  Any inadvertent errors introduced are
strictly your fault for using M$-ware :-)

> Oh, I get it.  So if root executes "sshd -p 45522"  --this is not
> *technically* ssh, right?

If sshd is running on 45522 it's a back door Marty :-)  And no, in this
case, pedantic or not, it's not "ssh" as is commonly accepted.

> Learn that at MCSE school?  ;o) Heh heh.
> Just kidding.

Just for the record, since we *are* public here, and full of the Spirit Of
Full-Disclosure, let's note that you are the only MCSE here.  It'll be a
cold day in hell before I pay for anything Micro$loth.

>  But really, precisely what protocol does it become on
> port 45522?  What if the only "Listen" directive in my httpd.conf says:
> "Listen 45580"?  Is it *technically* not an http server?

It is at that point a service, running on the specified port, which
happens to process the HTTP protocol.

> And you're flaming newbies?  Come on, Alif.  Give the guy a break, will
> you?

And *here* we finally come to the only valid argument.  One which I
generally agree with BTW, and in fact one I had two long conversations
about yesterday.  The only truly valid point that *I* can muster in my own
defense here was the forum Mr. Knob chose for his polemic: FD.  Had this
missive come across a newbies list like "incidents", he'd have likely
received what he really needed - some serious help in understanding enough
of his system to be able to just describe his problem.

But he didn't post this to a newbies "helpme" forum.  He [unwisely] posted
this to FD.

And he did it on the same day some crackpot newbie MCSE moron kept
telephoning me that "your MAC addresses are attacking me".  Yes, you read
that right.  I own an OUI, and some moron decided that some random number
somewhere was in fact an indicator that I was (a) attacking him with a
device using that OUI (theoretically possible, but puhleeze), and that (b)
he could see my OUI clearly in the TCP headers (forwarded across multiple
router hops, of course!).

So, Mr. Knob became the unwitting and unwilling recipient of my days
frustration with the latest crop of the Endless Summer.  Is he due an
apology?  Maybe - I'm genuinely not certain, and as I said, I've actually
discussed it with two people (both on this list).

Do I care? No.  Not in the least.  Posting something like that as a
factual statement, in what amounts to an experts forum, will get you
bitch-slapped.

Please note that we *all* have done similar - and as I pointed out to my
friend last night, I thank god that DejaGoogle hadn't yet been born when I
made early appearances upon the world's stage of Stupid Newbie Tricks -
but that doesn't really matter here.  Hell, I'm still not even certain
that Knob's post wasn't a troll!

Either way - I am unapologetic.  I was *almost* apologetic yesterday, but,
that was then, and this is now.

> He'll learn to ask the right questions, and give you what you need to
> help him.

And I sent him off in that direction, with a mission to find Ethereal.  My
gift :-)

> Someday we're gonna need this guy to help the newbies that
> come after him.  Do we really want to teach him that the way to do that
> is through insults and abuse until the newbie asks the questions the way
> HE wants them asked?

In a forum such as this - yes.  I'm serious Marty.  You know me: I receive
several thousand emails a day, I parse quickly, and I adjust to the
environment: I have sent many a newbie down The One True Path.  But I
won't do that here - I have a hard enough time sifting through Len's
little sludge factory as it is.

> You're a better man than that.  You've been around
> a long time, and it's easy to take ALL of that experience and knowledge
> for granted.  You know who that often sets up unreasonable expectations
> of the wide-eyed does just coming up.

Wide eyed Bambi's who wander onto highways get hit, and often killed.
Papa Bambi needs to get his kid off the roadbed.


>  When Mr.muthanna tried to help, and corrected you, he did it with class

What?  I don't get any points for a gracious acknowledgement he was right?
Fer Shame Marty!

> and a genuine interest in helping.  I applaud him for that.

As do I, in priciple.  But you know what?  He also has encouraged this guy
to post again.  That's one more email for us to sift through.  No thanks.
That's not what I sub to this list for, nor is it even what this list is
*chartered* for.

> Billybob is
> looking at his external interface and trying to figure out who's trying
> to get in, right?  So he's at least headed in the right direction.
> Let's support that instead of stomping on him for being new.  The people
> to flame are the lazy, windows-licking dumbasses who aren't asking for
> help.

Don't ask me for help on something fundamentally basic in a forum
dedicated to the discussion of other things.  He just learned the Most
Important Lesson On The Internet: There is a place for everything, and
they are not interchangeable.

> I hope all is well with you, and often wonder how you're doing.

I'm kicking back, relaxing after my Savvis stint (yes, for the sixteen
people who haven't yet heard, I'm no longer running OpSec at Savvis).

Money's not as good running solo (I'm making about half my old salary),
but I'm also not doing call anymore, haven't worked more than 4 hours in
any one day since I left, and take three days off *every* week.  So I
guess things are Good :-)

But then, This Is Not The Place For This Discussion (tm).

> Additionally, Sysedge is an SNMP Management Product marketed
> by (Concord)Empire Technologies, and it does belong on port 1691.

Exactly!  It's an SNMP-like product, which is why it has it's own WKP.  In
fact, you can't GET a WKP unless your protocol is somehow unique, and you
have to submit your protocol detail (under NDA) in order to *get* a WKP.
This is *not* SNMP on 1691.  It is an SNMP-like protocol, on it's own WKP
of 1691.

> Best Regards,
>
> Marto

//Alif

-- 
Yours,

J.A. Terranson
sysadmin@....org

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
	- - -

  "There aught to be limits to freedom!"    George Bush
	- - -

Which one scares you more?


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ