[NCLUG] port monitorer
S. Luke Jones
luke at 6d.com
Mon Feb 19 09:57:37 MST 2001
herrold wrote:
> ... absolutely -- set a new NT install all by its lonesome behind a
> logging firewall; run; observe it phoning home, to append the
> MAC-identified software inventory for the SPA to use when visting to
>
> ... [snip] ...
>
> It might be recreational to reverse engineer the reporting format
> using tcpdumo to log the conversation, and help add entries to that
> database ...
Cool! First, there's the delight in subverting their own systems.
Which would be worse from MSFT's perspective: numbers that are
implausibly low ("this LAN has 25 windows machines and zero apps")
or implausibly high ("this LAN has 24 machines and sixteen hundred
copies of Office")?
Do you know if there's stoolie-ware for servers that will rat out
what's installed on the client machines? Because it gets better if
you can persuade the NT software to pass on "client" information.
Because then the clients -- Linux boxes, say -- could inform on
themselves. ("This LAN has 14, uh, clients, with, um, 9 copies of
GNOME and 5 copies of KDE.") And of course, there's no particular
reason to tell the truth there either. Best of all, if the NT box
is doing it without your help, then it's not a DoS attack.
Luke
More information about the NCLUG
mailing list