Date: Fri, 6 Jul 2001 17:29:54 -0600 (MDT)
From: Paul Hart
To: Laurence Berland
Subject: Re: Hiding Versions
Sender: owner-freebsd-security@FreeBSD.ORG

On Fri, 6 Jul 2001, Laurence Berland wrote:

> As much as it's not all that good in terms of security, changing version
> strings will keep the kiddies from ever bothering, which is good just
> because it stops them from filling your logs quite as much...

You sure about that? I know of many web servers on UNIX systems that fully advertise their Apache-on-UNIX banner messages and still receive numerous attempts to break in using exploits for Microsoft's IIS. That's not to mention the repeated attempts to break in to FreeBSD or Solaris machines using an exploit for LPRng on Linux, either.

Removing or falsifying version strings may fool some rational attackers, but it seems many kiddies will ram the exploit against ANY machine that's listening on port 80 regardless of the operating system it's running or what the banner messages say.

Paul Hart

--
Paul Robert Hart
hart@orem.verio.net
Jul ner lbh ernqvat guvf?