Date:      Tue, 9 Jul 2002 16:49:51 +0800
From:      "Biing Jong Lin" <bjlin@stic.gov.tw>
To:        "Darren Pilgrim" <dmp@pantherdragon.org>, <freebsd-security@FreeBSD.ORG>
Cc:        "Asep Ruspeni" <ruspeni@mti.itb.ac.id>
Subject:   Re: hiding OS name
Message-ID:  <003f01c22725$9f507a80$09ab53c0@realcon>
References:  <006601c22627$a9199000$21020a0a@mti.itb.ac.id> <3D294723.7022CD07@pantherdragon.org>

----- Original Message ----- 
From: "Darren Pilgrim" <dmp@pantherdragon.org>
To: "Asep Ruspeni" <ruspeni@mti.itb.ac.id>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Monday, July 08, 2002 4:02 PM
Subject: Re: hiding OS name


>Hiding your OS name and version will do nothing to increase security,
>because the majority of people who scan for vulnerable hosts just do
>bulk scanning, trying their trick on everything they find.  They know
>(or just don't care) that you can't reliably determine the OS without
>shell access and even then you can be tricked.
>That said, what you're looking to do is change the banner on the
>daemons you're running.  How you do this is specific to each daemon.
>As usual, RTWP, JTML, RTFM, RTSL, etc.

    I think hiding your OS name and version still helps,
    not to increase the level of security, just to confuse and force
    the intruder to make decisions, and hopefully they will make a mistake.

    We are talking about some malicious hacking activities against
    a specified target. If you can 'survive' these attacks, you
    can stop those script kiddies too.
    A cracker would be confused, and may pick the wrong tools/shellcodes
    when they launch an attack without the correct OS name and version.
    As for those who are using automatic tools, they are just trying
    their luck. At least I am not worried when people attack my FreeBSD
    box with IIS tools.

    Information hiding is just trying to confuse/stall intruders.
    The most efficient way to improve your security is to read advisories,
    and patch your system regularly.



