> One of the most important pieces of information a hacker can have is
> the OS flavor and version of a remote host. Armed with this knowledge,
> a hacker can narrow his search for possible vulnerabilities to that
> specific operating system and version. An SSH ID string with OpenSSH
> does not give away the underlying OS of the target system. It might be
> Linux, BSD, System V, AIX, HPUX, Solaris or even Windows.

I would like to see some statistics on this; which percentage of hackers actually tries to determine the OS version prior to attacking? And which percentage of hackers will just run their whole arsenal, most successful first? Considering that some people are cloaking the OS version, how useful is trying to determine the remote OS version from his perspective anyway? And how much of it is done by hand? I submit not much of the hacking is done by hand.

> Do a search on "OS fingerprinting" and you'll find tools (checkos,
> nmap, etc.) which can determine a remote OS and version simply by
> observing the behavior of the networking stack. But with SunSSH, you
> don't even need any extra tools because the daemon itself betrays the
> host OS. When the string changes, it will become even easier to script
> a version specific attack for the latest Solaris or the FTP, BIND, or
> other utilities that it installs (or includes on a companion CD).
>
> Here are some articles on OS fingerprinting, why it's dangerous and how to try
> and mask it...
>
> http://www.insecure.org/nmap/nmap-fingerprinting-article.html
> http://www.sans.org/resources/idfaq/tcp_fingerprinting.php
> http://www.usenix.org/publications/library/proceedings/sec2000/smart.html

There are quite a few people who disagree with the premise that knowing the OS is a big deal. Automation is key; and nmap detection, e.g., is fairly easily thrown off by modifying a few key TCP parameters.

Casper

_______________________________________________
opensolaris-discuss mailing list
[email protected]
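As an added illustration of the quoted point that the SSH identification string can betray the host OS (this is example code, not code from the thread or from SunSSH), the following parses banners per the RFC 4253 layout and reports what each one gives away, so an administrator can audit their own hosts; the hint table and the sample banners are constructed, and real vendor strings vary.

```python
"""Classify what an SSH identification string reveals about the host OS.

Per RFC 4253 the server's first line is:
    SSH-protoversion-softwareversion [SP comments] CR LF
The softwareversion and comments fields are where vendor builds tend to
leak the platform, which is the point raised about SunSSH in the thread.
"""
import re
from typing import Dict, Iterable, Optional

# Substrings that commonly identify a platform in the softwareversion or
# comments field. Constructed illustrative list, not exhaustive.
OS_HINTS = {
    "sun_ssh": "Solaris (SunSSH build)",
    "ubuntu": "Ubuntu",
    "debian": "Debian",
    "freebsd": "FreeBSD",
    "windows": "Windows",
    "hpux": "HP-UX",
    "aix": "AIX",
}

_ID_RE = re.compile(r"^SSH-(?P<proto>[^-]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def parse_banner(line: str) -> Dict[str, str]:
    """Split one identification line into its RFC 4253 fields.

    Raises ValueError for lines that are not SSH identification strings.
    """
    line = line.rstrip("\r\n")
    m = _ID_RE.match(line)
    if not m:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return {
        "proto": m.group("proto"),
        "software": m.group("software"),
        "comments": m.group("comments") or "",
    }


def os_leak(banner: str) -> Optional[str]:
    """Return the platform the banner gives away, or None if it is generic."""
    fields = parse_banner(banner)
    haystack = (fields["software"] + " " + fields["comments"]).lower()
    for needle, platform in OS_HINTS.items():
        if needle in haystack:
            return platform
    return None


def audit(banners: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each banner to what it leaks, for reviewing one's own hosts."""
    return {b.rstrip("\r\n"): os_leak(b) for b in banners}
```

A plain `SSH-2.0-OpenSSH_9.0` maps to None, which is the "does not give away the underlying OS" case from the quoted text; a banner whose software or comment field names a platform is reported.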
