Date: Tue, 27 Mar 2001 18:09:11 -0600
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To: security@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: SSHD revelaing too much information.
Message-ID: <4.3.2.20010327173917.02803ae0@207.227.119.2>
In-Reply-To: <20010327173454.J12888@pir.net>
References: <4.3.2.20010327160147.02c1b6c0@207.227.119.2>
 <20010327005503.J5425@rfx-216-196-73-168.users.reflex>
 <Pine.NEB.3.96L.1010326205118.81313D-100000@fledge.watson.org>
 <p05010404b6e5bb325d3c@[128.113.24.47]>
 <20010327005503.J5425@rfx-216-196-73-168.users.reflex>
 <p05010407b6e693b73e7c@[128.113.24.47]>
 <4.3.2.20010327160147.02c1b6c0@207.227.119.2>

At 05:34 PM 3/27/01 -0500, Peter Radcliffe wrote:

Argh, this can go on and on...

>I'd rather they wasted their time trying to compromise vulnerable
>machine and leaving tracks that are noticeable than heading directly to
>the vulnerable machines and compromising them without leaving tracks.

Presuming the first "vulnerable" needs an "un" prefix and say that this sounds like a shell game method of hoping they don't find the vulnerable system.

Better to spend time keeping up-to-date than shuffling and hope they don't guess the right shell or server. Chances are they will be scanning blocks of IPs and if that is the case no sleight-of-hand will hide the fact of where the vulnerable system is.

> > Something that no one has pointed out yet is that if you try to limit the
> > information the system displays or not for that matter, you might attract
> > the attention of someone that likes a challenge. Sure there are far more
> > script kiddies, but would lump the obscurity idea along with boasting a
> > system is not vulnerable. Bragging might attract the wrong types to test
> > the truth of such a statement. For certain that might help when it turns
> > out it isn't true, but would be a hassle regardless.
>
>Do you leave your doors unlocked in case someone breaks it down, too ?

More to the point is that regardless if you say "this door is locked" or not doesn't mean they won't try it. Saying we upgraded the lock from the cheap lockset might make them try another house.

All cute wording aside, there was a time when I removed the version number from a daemon and found that the number of probes increased. Did it make the system any more secure? No.

Almost as bad as using a "honey pot" to lure the bears away. Before they only came around now and again. Now they come for the honey you put out. Attracting more bears may not be necessarily bad, but can increase the risk of an "incident."

Better to spend time limiting the loss should the house be broken into than hiding the fact there is a house there. Obscurity is a waste of time for little benefit IMO.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve