Date: Sat, 4 Sep 2004 10:07:36 -0400 (EDT) From: vxp <vxp@digital-security.org> To: Colin Alston <karnaugh@karnaugh.za.net> Cc: freebsd-net@freebsd.org Subject: Re: fooling nmap Message-ID: <20040904100640.E37469@digital-security.org> In-Reply-To: <4139E189.5080409@karnaugh.za.net> References: <20040904093042.B37306@digital-security.org> <4139DCF0.7070008@karnaugh.za.net><4139E189.5080409@karnaugh.za.net>
next in thread | previous in thread | raw e-mail | index | archive | help
no. obscurity as the _only_ "security" is no security. there's nothing wrong with ADDING obscurity, however. =) --Val On Sat, 4 Sep 2004, Colin Alston wrote: > vxp wrote: > > >pretty much any sort of attack / intrusion attempt begins with information > >gathering on the machine. part of that, would be trying to figure out what > >OS runs on the machine. the more (accurate) information a potential > >attacker can gather on the machine, the more chances that his attempt will > >succeed. obviously, even with this change in place, you'd need to do some > >other things so as to prevent this for example: > > > >$ telnet localhost 22 > >Trying ::1... > >Connected to localhost.digital-security.org > >Escape character is '^]'. > >SSH-1.99-OpenSSH_3.6.1p1 FreeBSD-20030924 > > ^^^^^^^^^ > > banners all over need to be changed > > > >but nevertheless, it'd be a step in the right direction in my opinion > > > > > > A great man once said to me "Security by obscurity is, after all, no > security at all." > > This is very much a step in the wrong direction. > > -- > Colin Alston <karnaugh@karnaugh.za.net> > > About the use of language: > "It is impossible to sharpen a pencil with a blunt axe. It is > equally vain to try to do it with ten blunt axes instead." > -- E.W.Dijkstra, 18th June 1975. (Perl did not exist at the time.) > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040904100640.E37469>