From owner-freebsd-security Tue Jul 9 1:50:18 2002
From: "Biing Jong Lin"
To: "Darren Pilgrim"
Cc: "Asep Ruspeni"
Subject: Re: hiding OS name
Date: Tue, 9 Jul 2002 16:49:51 +0800
Sender: owner-freebsd-security@FreeBSD.ORG

----- Original Message -----
From: "Darren Pilgrim"
To: "Asep Ruspeni"
Sent: Monday, July 08, 2002 4:02 PM
Subject: Re: hiding OS name

>Hiding your OS name and version will do nothing to increase security,
>because the majority of people who scan for vulnerable hosts just do
>bulk scanning, trying their trick on everything they find. They know
>(or just don't care) that you can't reliably determine the OS without
>shell access and even then you can be tricked.
>
>That said, what you're looking to do is change the banner on the
>daemons you're running. How you do this is specific to each daemon.
>As usual, RTWP, JTML, RTFM, RTSL, etc.

I think hiding your OS name and version still helps. Not to increase the level of security, just to confuse and force the intruder to make decisions, and hopefully they will make a mistake.

We are talking about some malicious hacking activities against a specified target. If you can 'survive' these attacks, you can stop those script kiddies too. A cracker would be confused, and may pick the wrong tools/shellcodes when they launch an attack without the correct OS name and version.

As for those who are using automatic tools, they are just trying their luck. At least I am not worried when people attack my FreeBSD box with IIS tools.

Information hiding is just trying to confuse/stall intruders. The most efficient way to improve your security is to read advisories, and patch your system regularly.