Full Disclosure mailing list archives

Re: SNMP Broadcasts
From: "J.A. Terranson" <measl () mfn org>
Date: Thu, 15 Jul 2004 16:36:29 -0500 (CDT)


On Thu, 15 Jul 2004, Martin Wasson wrote:

From: Martin Wasson <marto () fightingillini com>
                             ^^^^^^^^^^^^^^^^^^

What's stopping you from using your, um, more common address?


This is not, *technically* SNMP, as it is not using its assigned ports.
This is a variant, and interestingly, that port is assigned to

            empire-empuma   1691/tcp    empire-empuma
            empire-empuma   1691/udp    empire-empuma

Unless Sysedge is the descendant of "empire-empuma", it doesn't belong
there either.
Unfortunately, the odds of this kind of newbie being able to
successfully utilize it are slim.  Still, if he is going to ask for
help with odd packets, he must be able to document them, and this is
the standard way to do so.

Before going further - I had to re-wrap your text, as it was full of
looooooonnnnngggggggg lines.  Any inadvertent errors introduced are
strictly your fault for using M$-ware :-)

Oh, I get it.  So if root executes "sshd -p 45522"  --this is not
*technically* ssh, right?

If sshd is running on 45522 it's a back door Marty :-)  And no, in this
case, pedantic or not, it's not "ssh" as is commonly accepted.

Learn that at MCSE school?  ;o) Heh heh.
Just kidding.

Just for the record, since we *are* public here, and full of the Spirit Of
Full-Disclosure, let's note that you are the only MCSE here.  It'll be a
cold day in hell before I pay for anything Micro$loth.

 But really, precisely what protocol does it become on
port 45522?  What if the only "Listen" directive in my httpd.conf says:
"Listen 45580"?  Is it *technically* not an http server?

It is at that point a service, running on the specified port, which
happens to process the HTTP protocol.

And you're flaming newbies?  Come on, Alif.  Give the guy a break, will
you?

And *here* we finally come to the only valid argument.  One which I
generally agree with BTW, and in fact one I had two long conversations
about yesterday.  The only truly valid point that *I* can muster in my own
defense here was the forum Mr. Knob chose for his polemic: FD.  Had this
missive come across a newbies list like "incidents", he'd have likely
received what he really needed - some serious help in understanding enough
of his system to be able to just describe his problem.

But he didn't post this to a newbies "helpme" forum.  He [unwisely] posted
this to FD.

And he did it on the same day some crackpot newbie MCSE moron kept
telephoning me that "your MAC addresses are attacking me".  Yes, you read
that right.  I own an OUI, and some moron decided that some random number
somewhere was in fact an indicator that I was (a) attacking him with a
device using that OUI (theoretically possible, but puhleeze), and that (b)
he could see my OUI clearly in the TCP headers (forwarded across multiple
router hops, of course!).

So, Mr. Knob became the unwitting and unwilling recipient of my day's
frustration with the latest crop of the Endless Summer.  Is he due an
apology?  Maybe - I'm genuinely not certain, and as I said, I've actually
discussed it with two people (both on this list).

Do I care? No.  Not in the least.  Posting something like that as a
factual statement, in what amounts to an experts forum, will get you
bitch-slapped.

Please note that we *all* have done similar - and as I pointed out to my
friend last night, I thank god that DejaGoogle hadn't yet been born when I
made early appearances upon the world's stage of Stupid Newbie Tricks -
but that doesn't really matter here.  Hell, I'm still not even certain
that Knob's post wasn't a troll!

Either way - I am unapologetic.  I was *almost* apologetic yesterday, but,
that was then, and this is now.

He'll learn to ask the right questions, and give you what you need to
help him.

And I sent him off in that direction, with a mission to find Ethereal.  My
gift :-)

Someday we're gonna need this guy to help the newbies that
come after him.  Do we really want to teach him that the way to do that
is through insults and abuse until the newbie asks the questions the way
HE wants them asked?

In a forum such as this - yes.  I'm serious Marty.  You know me: I receive
several thousand emails a day, I parse quickly, and I adjust to the
environment: I have sent many a newbie down The One True Path.  But I
won't do that here - I have a hard enough time sifting through Len's
little sludge factory as it is.

You're a better man than that.  You've been around
a long time, and it's easy to take ALL of that experience and knowledge
for granted.  You know how that often sets up unreasonable expectations
of the wide-eyed does just coming up.

Wide eyed Bambis who wander onto highways get hit, and often killed.
Papa Bambi needs to get his kid off the roadbed.


 When Mr.muthanna tried to help, and corrected you, he did it with class

What?  I don't get any points for a gracious acknowledgement he was right?
Fer Shame Marty!

and a genuine interest in helping.  I applaud him for that.

As do I, in principle.  But you know what?  He also has encouraged this guy
to post again.  That's one more email for us to sift through.  No thanks.
That's not what I sub to this list for, nor is it even what this list is
*chartered* for.

Billybob is
looking at his external interface and trying to figure out who's trying
to get in, right?  So he's at least headed in the right direction.
Let's support that instead of stomping on him for being new.  The people
to flame are the lazy, windows-licking dumbasses who aren't asking for
help.

Don't ask me for help on something fundamentally basic in a forum
dedicated to the discussion of other things.  He just learned the Most
Important Lesson On The Internet: There is a place for everything, and
they are not interchangeable.

I hope all is well with you, and often wonder how you're doing.

I'm kicking back, relaxing after my Savvis stint (yes, for the sixteen
people who haven't yet heard, I'm no longer running OpSec at Savvis).

Money's not as good running solo (I'm making about half my old salary),
but I'm also not doing call anymore, haven't worked more than 4 hours in
any one day since I left, and take three days off *every* week.  So I
guess things are Good :-)

But then, This Is Not The Place For This Discussion (tm).

Additionally, Sysedge is an SNMP Management Product marketed
by (Concord)Empire Technologies, and it does belong on port 1691.

Exactly!  It's an SNMP-like product, which is why it has its own WKP.  In
fact, you can't GET a WKP unless your protocol is somehow unique, and you
have to submit your protocol detail (under NDA) in order to *get* a WKP.
This is *not* SNMP on 1691.  It is an SNMP-like protocol, on its own WKP
of 1691.

Best Regards,

Marto

//Alif

-- 
Yours,

J.A. Terranson
sysadmin () mfn org

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
        - - -

  "There ought to be limits to freedom!"    George Bush
        - - -

Which one scares you more?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

