Date: Mon, 13 Sep 1999 00:38:35 -0700 From: The Mad Scientist <madscientist@thegrid.net> To: freebsd-security@freebsd.org Subject: Re: How to prevent motd including os info Message-ID: <4.1.19990913003757.0096b660@mail.thegrid.net>
next in thread | raw e-mail | index | archive | help
If someone can get a shell on your machine, it should be trivial to determine (at the very least) that the machine is running a bsd OS. (existance of /usr/ucb, flags to ps, etc) You'd need to take care of uname, dmesg, and so on. It's better to spend your time fixing real security holes. -Dean At 01:13 PM 9/12/99 -0400, you wrote: >Is there a way to suppress the copyright info? This is pretty much >a dead giveaway (At least that it's *BSD), huh? See lines 14-15 below: > >$ telnet dmaddox.conterra.com >Trying 127.0.0.1... >Connected to localhost. >Escape character is '^]'. > >dmaddox.conterra.com >Access Restricted > >Today is Sun Sep 12 13:09:57 EDT 1999 > >login: myself >Password: >Last login: Sun Sep 12 13:07:17 from localhost >Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 > The Regents of the University of California. All rights reserved. > >Welcome to BogoDOS! >You have mail. >$ > > >On Sun, Sep 12, 1999 at 12:56:39PM -0400, Hector Colmenares wrote: >> >> >> If you dont want people to know what OS are you running >> when they telnet into your box just change to this the info in >> /etc/gettytab >> >> default:\ >> :cb:ce:ck:lc:fd#1000:im=\r\n\%h\r\nAccess Restricted\ >> r\n\r\nFor info, email admin@%h\r\nToday is %d\r\n\r\n >> >> >> ;-) >> >> cheers !! >> >> On Sun, 12 Sep 1999, Will Andrews wrote: >> >> > >> > On 12-Sep-99 Ben Smithurst wrote: >> > > Jeremy L. Ramirez wrote: >> > > >> > >> telnet stream tcp nowait root /usr/libexec/telnetd >telnetd -h >> > >> >> > >> what you are doing is adding the -h at the end of the line which >prevents >> > >> a user from seeing the OS before even logging in. >> > > >> > > An even better way is to disable telnet completely, and use ssh like you >> > > should. Note that people can still use nmap or something to guess at >> > > your OS. >> > > >> > > -- >> > > Ben Smithurst | PGP: 0x99392F7D >> > > ben@scientia.demon.co.uk | key available from keyservers and >> > > | ben+pgp@scientia.demon.co.uk >> > > >> > > >> > > To Unsubscribe: send mail to majordomo@FreeBSD.org >> > > with "unsubscribe freebsd-security" in the body of the message >> > >> > >> > To Unsubscribe: send mail to majordomo@FreeBSD.org >> > with "unsubscribe freebsd-questions" in the body of the message >> > >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message >> > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19990913003757.0096b660>