Honeyd Mailing List: Re: Net Bios script for noneyd

Re: Net Bios script for noneyd

From: <Valdis.Kletnieks_at_vt.edu>
Date: Mon May 17 12:29:41 2004

On Mon, 17 May 2004 17:31:28 +0200, Sumit Siddharth <Sumit.Siddharth_at_eurecom.fr> said:
> Since the ports 139, 137 and 445 are most commonly targeted by the
> hackers I don't understand why we don't have any support (script) for
> these ports on honeyd. Instead of closing these ports it will be really
> good to have some script running on them so that we can get more
> information about the hacker/attack tool.

Most likely, none of the programmers involved wanted to go anywhere near that
can of worms.... ;)

The problem is that it's fiendishly difficult to actually emulate the SMB/CIFS
protocol well enough to be useful while staying legal regarding
reverse-engineering (See the Samba project for an example). The other choice
is to just emulate it enough for the "well-known" exploits to "work" - and a
quick perusal of the vast number of Nessus plug-ins for those ports will
explain why nobody wants to go THAT route....


Received on Mon May 17 2004 - 12:29:41 PDT

NB: This is a filtered version of the Honeypots mailing list. Only posts that concern Honeyd are shown here. For more recent discussions visit the forums.