+++ Abhi [linux-india] <07/05/02 14:50 +0900>:
> > > 220 localhost.localdomain ESMTP Sendmail 8.11.3/8.11.3; Mon, 6 May 2002
> > A pretty clueless lot, I must say.
> > Well, at least they aren't open relays yet.
> Also very helpful of them to give out the version numbers etc. in the
> service banner. Crackers would just love them.
Ah. Another fine graduate of the "security by obscurity" school.
Hint: It almost never works, and is utter bullshit. Crackers will try
sendmail 8.6 buffer overflows against 8.12.3, or against qmail for that
matter. Just like nimda tries IIS exploits against anything listening on
port 80, even apache or thttpd.
If you are running insecure or misconfigured software, just hiding version
numbers will NOT help you shake off a cracker. There's stuff like OS
fingerprinting and things like that ... and just about any MTA identifies
itself VERY clearly in more ways than one.
For example ...
220 hostname.example.com esmtp
250-hostname.example.com
250-PIPELINING
250 8BITMIME
If you see this, you can kind of lay long odds that this is qmail you are
seeing. No matter that qmail decides that "hostname esmtp" is enough as an
smtp banner. [fine, it _is_ enough, but still, as I said, security by
obscurity is a totally bogus concept]
Oh... and re your followup to that nepali admin ... you were berating him for
giving away his internal network details ...
If it escaped your attention, all his internal network is in rfc 1918 space -
aka unrouteable over the internet, private IPs.
If someone gets as far as to break into his firewall, you think it is that
tough for the cracker to find out what internal addressing scheme is being
used? (hint: the firewall will likely have two interfaces, one to the
internal rfc1918 network, and another with the public ip... and there are
hosts entries or maybe even internal dns zones, or he can always sit on the
firewall and portscan everything within the internal network's netmask, to
search for more hosts to brak into).
--srs
--
Suresh Ramasubramanian <----> mallet <at> efn dot org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
[Linux One Stanza Tip] From : <[EMAIL PROTECTED]>
LOST #024 -**< Sub : NumLock ON at boot >**-
To turn numlock on automatically for a few consoles at boot:
#!/bin/sh # Use setled program. This script
INITTY=/dev/tty[3-6] # will turn *Numlock* on for con-
for tty in $INITTY; do # soles 3 through 6 only ... Fire
setleds -D +num < $tty # this script in rc.local/ equiv-
done # alent for your distro
_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: [EMAIL PROTECTED]
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
