Honeypots: Re: sebek as a patch?

Re: sebek as a patch?

From: Daniel J. Axtens <danielax_at_gmail.com>
Date: Fri, 7 Oct 2005 19:25:42 +0800

>Possible, but not very practical.
I thought there might be some problems with that approach :)

Another approach I thought of was to hide the module the same way the
adore worm is hidden - but this would still be vulnerable to pattern
matching. Perhaps encryption is the way to go - the only problem then
is that you need a decryptor, which is then *itself* vulnerable to
pattern matching.

Maybe we should look to the enemy for solutions: could polymorphic
virus techniques help here?

Another random (and probably useless :) idea,
Daniel Axtens
Received on Oct 07 2005
