On Sat, 2004-10-30 at 02:47, Ken Murchison wrote:
Security by obscurity never works. Do you really think an attacker
would be deterred by the version number that he sees? He'll probably
try his attack regardless of the version reported.
I humbly disagree. I think it depends a lot on what
On Fri, Oct 29, 2004 at 11:36:14PM -0500 or thereabouts, Jim Levie wrote:
cracker simply runs a tool kit that attempts to exploit all known
vulnerabilities for that OS. If one works, they are in, and if not they
move on to another system. The tools themselves seldom check version
information
Hi,
when sending email over cyrus imap, it gives full information about
version. So, an attacker has just to telnet at port 25 to see if his
bunch of exploits fits to it.
That is a dangerous and I would like to suppress all version
information, even that it is cyrus answering, if possible.
Can
Sascha Wuestemann wrote:
Hi,
when sending email over cyrus imap, it gives full information about
version. So, an attacker has just to telnet at port 25 to see if his
bunch of exploits fits to it.
That is a dangerous and I would like to suppress all version
information, even that it is cyrus
Ken Murchison wrote:
Sascha Wuestemann wrote:
Hi,
when sending email over cyrus imap, it gives full information about
version. So, an attacker has just to telnet at port 25 to see if his
bunch of exploits fits to it.
That is a dangerous and I would like to suppress all version
information, even
On Fri, 2004-10-29 at 14:21, Mike Nuss wrote:
Ken Murchison wrote:
Sascha Wuestemann wrote:
Hi,
when sending email over cyrus imap, it gives full information about
version. So, an attacker has just to telnet at port 25 to see if his
bunch of exploits fits to it.
That is a