----- Original Message -----
From: "Davide Libenzi" <[EMAIL PROTECTED]>
To: "XMail mailing list" <[EMAIL PROTECTED]>
Sent: Thursday, September 05, 2002 10:03 PM
Subject: [xmail] Re: greeting banner
> in case 2) the time spent to find open ports on different IPs is way
> longer than the time spent to fire exploits. as i told you before, an open
> port is a precious resource and is case of obfuscated banner you can bet
> your brand new car that the attacker will fire you all known exploits for
> that port. you can say : "but XMail explicitly tells the OS and the CPU
> type !!". oh, that one is very difficult to guess ... the analisys of TCP
> stack responses can quite easily let you know the OS and about the CPU
> your domain is pretty limited. imho, hiding banner is a mental
> masturbation of some loser security "expert" ...
I for one completely agree with davidie,
Read up Remote OS detection via TCP/IP Stack FingerPrinting
by Fyodor <[EMAIL PROTECTED]>. Fyodor
has done an excellent analysis of various techniques for identifying the
remote OS. You can find it at:
http://www.insecure.org/nmap/nmap-fingerprinting-article.txt
And that doesnot require anyother tool than nmap.
So changing a benner is not really going to help anyone.
If anyone is so paranoid about exploits in olderversions
I bet they'll prefer updating to latest patch/stable-version
than hiding/altering smtp banners.
/Chandu
> - Davide
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
