work and IT @ 16 Apr 2008 12:22 pm by ayoi
When I fires up my thunderbird this morning, I received one email from one of this blog readers (sounds like I have many readers eh?No lah) inquiring about on the requirements to get involve in this security field. From the content of the email, I can conclude that the sender is one of the students and it seems that she has the interest and perhaps the attitude as well and hopefully she won’t change her mind when she received my reply.
Because the 1st requirement that I pointed out to her is having the right attitude. Interest, passion, curiosity are few of the characteristics that can only help you in order to progress. Well some of our SAs here lacked this kind of attitude (One of the areas that I need to improve). Also the needs of having a good and sound fundamental, be it in networking, security or others. At least when you encountered these statements,
“Throttling : LaBrea accepts new connection but advertises a very small receiver window. The receiver window instructs the sender to not send more data per packet than the window allows. When throttling, connections still make progress, albeit slowly.
Persistent capture : LaBrea advertises a TCP receiver window size of 0 and instructs the sender to wait before sending more data. Periodically, the sender comes back and sends window probe packets to determine if the window has opened up again. This state can be persist indefinitely.”
You will understand fully what are these statements trying to convey.
And yeah, that’s what I’ve taken from Virtual Honeypots book. It is about Low interactive type of Honeypot application called LaBrea. Low interaction honeypot is the one that only simulates or emulate services, responses or application as this type of honeypot is not meant to represent a fully featured operating system. As for LaBrea, it introduces the tarpit concept where it will try to slow down spammers or worm by making the TCP connection very slow or completely stalling their progress. How? By using the methods that I’ve mentioned above, basically by manipulating the window size. That’s why it is important to have this kind of knowledge. For time being this is my reading material while traveling in LRT. One of the things that I will definitely deploy. (Honeypot or perhaps honeynet)
taken from successfromthenest.com
