Date: Tue, 27 Mar 2001 17:34:54 -0500
From: Peter Radcliffe <pir@pir.net>
To: security@FreeBSD.ORG
Subject: Re: SSHD revelaing too much information.
Message-ID: <20010327173454.J12888@pir.net>
In-Reply-To: <4.3.2.20010327160147.02c1b6c0@207.227.119.2>; from jeff-ml@mountin.net on Tue, Mar 27, 2001 at 04:27:55PM -0600
References: <20010327005503.J5425@rfx-216-196-73-168.users.reflex>
 <Pine.NEB.3.96L.1010326205118.81313D-100000@fledge.watson.org>
 <p05010404b6e5bb325d3c@[128.113.24.47]>
 <20010327005503.J5425@rfx-216-196-73-168.users.reflex>
 <p05010407b6e693b73e7c@[128.113.24.47]>
 <4.3.2.20010327160147.02c1b6c0@207.227.119.2>

"Jeffrey J. Mountin" <jeff-ml@mountin.net> probably said:
> You also forget the point that the extra information means it isn't a
> vulnerable version, which it would be without the patches.  Thus moving
> that information later would mean a potential attacker might think "Hey,
> this system is vulnerable..." and try to exploit a hole that has been
> plugged.  Believe doing this would annoy far more people than those that
> are complaining about the information.  Blah!

I'd rather they wasted their time trying to compromise vulnerable machine
and leaving tracks that are noticeable than heading directly to the
vulnerable machines and compromising them without leaving tracks.

> Something that no one has pointed out yet is that if you try to limit the
> information the system displays or not for that matter, you might attract
> the attention of someone that likes a challenge.  Sure there are far more
> script kiddies, but would lump the obscurity idea along with boasting a
> system is not vulnerable.  Bragging might attract the wrong types to test
> the truth of such a statement.  For certain that might help when it turns
> out it isn't true, but would be a hassle regardless.

Do you leave your doors unlocked in case someone breaks it down, too?

P.

-- 
pir                  pir@pir.net                    pir@net.tufts.edu