on 5/7/01 12:32 PM, R. DuFresne at [EMAIL PROTECTED] wrote:
>
> Then why pray tell is OS fingerprinting so important to a cracker? Why
> are the major vendors beefing up issues such as tcp sequence number
> prediction and obscuring their OS's from easy OS type determination? Even
> the DNS/Bind folks have added the ability to their daemon to hide its
> version and such from outside connects.
>
It has been my experience, right or wrong, that OS fingerprinting is more to
identify a certain OS (which will remain nameless) than anything else.
Having spent the last year on two *heavily* scanned networks, oz.net and
lightrealm.net, most of what I have seen is easily stopped with a good
firewall, log reviews, and an alert sysadmin. How do you define "cracker"?
Is it some kid who wants to springboard off your machine, a simple resource
thief? Or do you actually have data the cracker wants, credit card numbers?
The first might be slowed down by concealing your OS. The second will see it
as a challenge, or minor inconvenience, but I do not think it will stop him.
Your best defense is being security aware, and minding your boxes.
Dave
PS. I make no attempt to conceal any of my four servers in three domains,
neither netcraft nor portscanners seem to get the server configuration right
anyway. I am running multiple OS's and differing configs and they are now,
and always have been, wrong.
--
Dave Goodrich
Director of Interface Development
Reality Based Learning Company
9521 NE Willows Road, Suite 100
Redmond, WA 98052
Toll Free 1-877-869-6603 ext. 237
Fax (425) 558-5655
[EMAIL PROTECTED]
http://www.rblc.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]