> > Also very helpful of them to give out the version numbers etc. in the
> > service banner. Crackers would just love them.
>
> Ah. Another fine graduate of the "security by obscurity" school.

Another fine example of a hurried statement. :) Secure *and* obscure. No need to sit back smug and make things easier for the opposition. Obscuring scares away most of the script-kiddies. And for the rest actually skilled ones... you do have to do your homework. If you are clueless enough to sit smug and advertise all so helpful info in your banners, god help your network when a new exploit comes out. A hacker determined and skilled enough, *will* get inside your system eventually. There is no system that can be 100% secure. You have to try and make his job harder though.

Perhaps it would have been more correct for you to say that relying on *just* security by obscurity is a bad option? But I guess you did jump to hurried conclusions. Can you quote the line where I said, he *only* needs to modify the banner and then he can sleep easy at nights? :) I suppose, all the security veterans that advise changing your service banners are completely clueless by your standards?

> Hint: It almost never works, and is utter bullshit. Crackers will try
> sendmail 8.6 buffer overflows against 8.12.3, or against qmail for that
> matter. Just like nimda tries IIS exploits against anything listening on
> port 80, even apache or thttpd.

Agreed. But I'd rather not have clueless script kiddies filling up my logs and generating false alarms... and thus making it difficult to detect and stop any actual skilled guy doing his stuff. Ever cared to look at the sshscan etc.? It tries to scan for particular versions of ssh. Also try reading the archives of the nmap mailing lists. Lots of sysadmins would go as far as modifying the TTL values etc. to resemble some other system.

> If you are running insecure or misconfigured software, just hiding version
> numbers will NOT help you shake off a cracker. There's stuff like OS
> fingerprinting and things like that ... and just about any MTA identifies
> itself VERY clearly in more ways than one.
>
> *snip*
>

Is there anything wrong with taking one *more* security measure? Will you actually not be able to live without displaying the version number of your MTA? I fail to see your argument really. My point is... I agree with all you said... but why on earth, should we make things easier for crackers? Thieves *will* snap open the lock on your frontgate in seconds with a crowbar... Does that necessarily mean that you should give up on the locks?

> Oh... and re your followup to that nepali admin ... you were berating him for
> giving away his internal network details ...
>
> If it escaped your attention, all his internal network is in rfc 1918 space -
> aka unrouteable over the internet, private IPs.
>
> If someone gets as far as to break into his firewall, you think it is that
> tough for the cracker to find out what internal addressing scheme is being
> used? (hint: the firewall will likely have two interfaces, one to the
> internal rfc1918 network, and another with the public ip... and there are
> hosts entries or maybe even internal dns zones, or he can always sit on the
> firewall and portscan everything within the internal network's netmask, to
> search for more hosts to break into).
>
> --srs
>

*sigh* Did you by any chance, *really* read my mail thoroughly and stumble across a technique I referred to, called firewalking? Search for it on google and then tell me your objections... --clue-- ... he doesn't *need* to break into the firewall... go look up the term at least before countering :) It would do you mucho good to learn something new, I am sure. :)

And do you seriously intend to imply that divulging all the internal details of one's network structure/addressing on a public list is a *good and commendable* security policy? Are you really telling me that? :)

Regards,
Abhi
