Interesting how you can argue both against and for a statement. I quote :
> That's fine. For the determined crackers at least. The fact remains that > J.Random Skriptkiddy generally downloads and runs off-the-shelf rootkits > rather than anything else. and a few lines down : > The brute force kiddies try each exploit, announced on bugtraq or not. The > real crackers won't be fooled by your munging. Aren't you implying here that J.Random Skriptkiddy *will* be fooled by the headers ? Especially if they are using some script like sshscan which is looking *just* for the version numbers and not *actually* bothering to try the exploit ? Time to rather take up a stand on what you really *are* saying, no ? And if you are still confused after my repeating it in so many variation for past few mails : I am saying that one should take every security measure possible and *also* munge the headers... All I am saying is that I want to fool J.Random Skriptkiddy's stupid scripts that scan just for version numbers *and* make the job take 15 min extra for the real cracker (against whom I *have* taken the added measures of patching up the server which will fail of course, if he is using an exploit that a patch has not yet been released for). :) 15 mins extra would mean that I have 15 mins extra of a chance of detecting some funny activity happening on the server/server logs etc.. Any arguments against that ? Regards, Abhi _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
