From owner-freebsd-security Sat Sep 11 18:43:45 1999 Delivered-To: freebsd-security@freebsd.org Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13]) by hub.freebsd.org (Postfix) with ESMTP id 54B84150CB; Sat, 11 Sep 1999 18:43:30 -0700 (PDT) (envelope-from ben@scientia.demon.co.uk) Received: from lithium.scientia.demon.co.uk ([192.168.0.3] ident=exim) by scientia.demon.co.uk with esmtp (Exim 3.032 #1) id 11PxSQ-000ErQ-00; Sun, 12 Sep 1999 01:25:26 +0100 Received: (from ben) by lithium.scientia.demon.co.uk (Exim 3.032 #1) id 11PxSO-000AsW-00; Sun, 12 Sep 1999 01:25:24 +0100 Date: Sun, 12 Sep 1999 01:25:24 +0100 From: Ben Smithurst To: "Jeremy L. Ramirez" Cc: dev-null@ns1.digicomsystems.net, freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: How to prevent motd including os info Message-ID: <19990912012524.B41509@lithium.scientia.demon.co.uk> References: <4.2.0.58.19990911151659.00aa8d60@ns1.digicomsystems.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i In-Reply-To: <4.2.0.58.19990911151659.00aa8d60@ns1.digicomsystems.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jeremy L. Ramirez wrote: > telnet stream tcp nowait root /usr/libexec/telnetd telnetd -h > > what you are doing is adding the -h at the end of the line which prevents > a user from seeing the OS before even logging in. An even better way is to disable telnet completely, and use ssh like you should. Note that people can still use nmap or something to guess at your OS. -- Ben Smithurst | PGP: 0x99392F7D ben@scientia.demon.co.uk | key available from keyservers and | ben+pgp@scientia.demon.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message