From owner-freebsd-security Mon Sep 13 0:38:49 1999
Message-Id: <4.1.19990913003757.0096b660@mail.thegrid.net>
Date: Mon, 13 Sep 1999 00:38:35 -0700
To: freebsd-security@freebsd.org
From: The Mad Scientist
Subject: Re: How to prevent motd including os info

If someone can get a shell on your machine, it should be trivial to
determine (at the very least) that the machine is running a BSD OS.
(Existence of /usr/ucb, flags to ps, etc.) You'd need to take care of
uname, dmesg, and so on. It's better to spend your time fixing real
security holes.

-Dean

At 01:13 PM 9/12/99 -0400, you wrote:
>Is there a way to suppress the copyright info? This is pretty much
>a dead giveaway (At least that it's *BSD), huh? See lines 14-15 below:
>
>$ telnet dmaddox.conterra.com
>Trying 127.0.0.1...
>Connected to localhost.
>Escape character is '^]'.
>
>dmaddox.conterra.com
>Access Restricted
>
>Today is Sun Sep 12 13:09:57 EDT 1999
>
>login: myself
>Password:
>Last login: Sun Sep 12 13:07:17 from localhost
>Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
> The Regents of the University of California. All rights reserved.
>
>Welcome to BogoDOS!
>You have mail.
>$
>
>
>On Sun, Sep 12, 1999 at 12:56:39PM -0400, Hector Colmenares wrote:
>>
>>
>> If you don't want people to know what OS you are running
>> when they telnet into your box just change to this the info in
>> /etc/gettytab
>>
>> default:\
>> :cb:ce:ck:lc:fd#1000:im=\r\n\%h\r\nAccess Restricted\r\n\r\nFor info, email admin@%h\r\nToday is %d\r\n\r\n
>>
>>
>> ;-)
>>
>> cheers !!
>>
>> On Sun, 12 Sep 1999, Will Andrews wrote:
>>
>> >
>> > On 12-Sep-99 Ben Smithurst wrote:
>> > > Jeremy L. Ramirez wrote:
>> > >
>> > >> telnet stream tcp nowait root /usr/libexec/telnetd telnetd -h
>> > >>
>> > >> what you are doing is adding the -h at the end of the line which prevents
>> > >> a user from seeing the OS before even logging in.
>> > >
>> > > An even better way is to disable telnet completely, and use ssh like you
>> > > should. Note that people can still use nmap or something to guess at
>> > > your OS.
>> > >
>> > > --
>> > > Ben Smithurst            | PGP: 0x99392F7D
>> > > ben@scientia.demon.co.uk | key available from keyservers and
>> > >                          | ben+pgp@scientia.demon.co.uk
>> > >
>> > >
>> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
>> > > with "unsubscribe freebsd-security" in the body of the message
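
The two pre-login settings discussed in the thread (the `-h` argument to telnetd in inetd.conf and the `im=` banner in /etc/gettytab) can be checked mechanically. The script below is an added example, not part of the original thread: the function names and sample files are constructed for illustration, the `%s`/`%m`/`%r`/`%v` escapes are the ones gettytab(5) documents for OS name, machine, release and version, and `-h` is matched only as a standalone argument.

```shell
#!/bin/sh
# Added example (not from the thread): flag pre-login OS disclosure in the
# two files the thread mentions. Paths are arguments, so it runs on copies.

# Active (uncommented) telnet lines in inetd.conf lacking a standalone -h.
# Exit status 0 means at least one such line was found.
telnetd_without_h() {
    grep -E '^telnet[[:space:]]' "$1" | grep -Ev '[[:space:]]-h([[:space:]]|$)'
}

# gettytab lines whose im= banner expands %s (OS name), %m (machine),
# %r (release) or %v (version). %h, %d and %t do not name the OS.
gettytab_os_escapes() {
    grep -Ev '^[[:space:]]*#' "$1" | grep -E 'im=.*%[smrv]'
}

# Constructed sample files (not taken from a real host).
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT

cat > "$sample/inetd.conf" <<'EOF'
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
EOF
cat > "$sample/inetd.fixed" <<'EOF'
telnet stream tcp nowait root /usr/libexec/telnetd telnetd -h
EOF
cat > "$sample/gettytab" <<'EOF'
# stock-style banner (constructed)
default:\
    :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:
EOF
cat > "$sample/gettytab.fixed" <<'EOF'
default:\
    :cb:ce:ck:lc:fd#1000:im=\r\n%h\r\nAccess Restricted\r\n\r\nToday is %d\r\n\r\n:
EOF

for f in inetd.conf inetd.fixed; do
    if telnetd_without_h "$sample/$f" >/dev/null; then
        echo "$f: telnetd prints host info before login (no -h)"
    fi
done
for f in gettytab gettytab.fixed; do
    if gettytab_os_escapes "$sample/$f" >/dev/null; then
        echo "$f: im= banner names the OS"
    fi
done
```

A clean result here covers only the pre-login banner; as the replies note, the post-login copyright text, uname, dmesg and network fingerprinting are separate channels.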