From owner-freebsd-net@FreeBSD.ORG Sat Sep 4 19:29:22 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC69416A4D0 for ; Sat, 4 Sep 2004 19:29:22 +0000 (GMT) Received: from digital-security.org (digital-security.org [216.254.116.252]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6125443D1D for ; Sat, 4 Sep 2004 19:29:22 +0000 (GMT) (envelope-from vxp@digital-security.org) Received: from localhost.tmok.com ([127.0.0.1] helo=localhost ident=vxp) by digital-security.org with esmtp (Exim 4.41 (FreeBSD)) id 1C3ejb-0009vW-9v; Sat, 04 Sep 2004 13:53:58 -0400 Date: Sat, 4 Sep 2004 13:53:54 -0400 (EDT) From: vxp To: Colin Alston In-Reply-To: <413A15DB.5010702@karnaugh.za.net> Message-ID: <20040904135129.L38122@digital-security.org> References: <20040904093042.B37306@digital-security.org> <20040904175028.GA25772@csh.rit.edu> <413A15DB.5010702@karnaugh.za.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Score: 0.2 (/) X-Spam-Report: Spam detection software, running on the system "digital-security.org", hasmessageblock similar future email. If you have any questions, see the administrator of that system for details.wasoh,about your system. that's an extremely important part of the attack. [...] Content analysis details: (0.2 points, 3.0 required) pts rule name description -------------------------------------------------- 0.2 AWL AWL: Auto-whitelist adjustment cc: freebsd-net@freebsd.org cc: Wesley Shields Subject: Re: fooling nmap X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Sep 2004 19:29:23 -0000 On Sat, 4 Sep 2004, Colin Alston wrote: > My point was if it provides no security, then there is no point to it at > all. oh, but it does. it prevents them from gathering accurate information about your system. that's an extremely important part of the attack. > Most attackers are going to exploit things at a service level > anyway. What is the point of changing the fingerprint? ok, say your apache is vulnerable to whatever. an exploit for that apache under linux is one thing, under freebsd is another, under windows another, etc. the 'service level' won't work, if you got the OS wrong. there's very very few cross-platform vulnerabilities that share the _same_ exploit code on _all_ platforms. actually, there's not a 'few'. there's none. > Change it to > Windows and attract more attension? Or just so that people attempt the > wrong attacks. wrong attacks, yes. wrong attacks = no intrusion.