Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 04 Sep 2004 21:22:03 +0200
From:      Colin Alston <karnaugh@karnaugh.za.net>
To:        vxp <vxp@digital-security.org>
Cc:        Wesley Shields <wxs@csh.rit.edu>
Subject:   Re: fooling nmap
Message-ID:  <413A15DB.5010702@karnaugh.za.net>
In-Reply-To: <20040904132345.A38065@digital-security.org>
References:  <20040904093042.B37306@digital-security.org> <20040904100640.E37469@digital-security.org> <20040904175028.GA25772@csh.rit.edu> <20040904132345.A38065@digital-security.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
vxp wrote:

>On Sat, 4 Sep 2004, Wesley Shields wrote:
>  
>
>>That is true, but the problem with these kinds of things is that users
>>will think that with a simple flip of a sysctl they are secure, when in
>>fact that are no more secure than before.
>>    
>>
>
>that's also 100% true, however that's why documentation exists. there's
>even a security section within it..
>we would probably want to add something like 'obscurity is great if it's
>only _one of_ the components in your security setup, not _the only_
>component'. they might get the point. =)
>
>now, another question arises
>
>i could always code a parser for nmap fingerprints file, but i don't think
>that's a good idea to include something like that in the kernel.. what do
>you think? hardcode a few OS fingerprint choices, and call it a day ?
>
>in other words, what would you guys say be a _proper_ bsd-style thing to
>do, if this were to be done?
>  
>
My point was if it provides no security, then there is no point to it at 
all. Most attackers are going to exploit things at a service level 
anyway. What is the point of changing the fingerprint? Change it to 
Windows and attract more attension? Or just so that people attempt the 
wrong attacks.

I still dont see any use, or need to implement something of that 
nature(Given that more features can = more bugs).

The point of the comment "Security by obscurity is no security at all" 
is that bugs and exploits should be FIXED and PATCHED not HIDDEN.

Regards.

-- 
Colin Alston <karnaugh@karnaugh.za.net>

About the use of language: 
  "It is impossible to sharpen a pencil with a blunt axe.  It is 
  equally vain to try to do it with ten blunt axes instead."
   -- E.W.Dijkstra, 18th June 1975. (Perl did not exist at the time.)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?413A15DB.5010702>