Date: Sun, 26 Nov 2000 15:17:06 -0600 (CST)
From: David Talkington
To: freebsd-security@FreeBSD.ORG
Subject: Re: How to prevent motd including os info
In-Reply-To: <19990913173532.A842@dmaddox.conterra.com>

>> If someone can get a shell on your machine, it should be trivial to
>> determine (at the very least) that the machine is running a bsd OS.
>> (existence of /usr/ucb, flags to ps, etc) You'd need to take care of
>> uname, dmesg, and so on. It's better to spend your time fixing real
>> security holes.

Not disagreeing with you in principle, but your examples don't really
hold up ... /usr/ucb is present even on Solaris; flags to ps might change
if the system uses /usr/ucb/ps by default, etc.

Pardon my ignorance, but would any of the suggestions in this thread
fool nmap -O? I'm with those who don't see the point of obscurity; it
only fools the novices that I'm not worried about anyway.

-d

--
David Talkington
Community Networking Initiative
dtalk@prairienet.org
217-244-1962

PGP key: http://www.prairienet.org/~dtalk/dt000823.asc

>> -Dean
>>
>> At 01:13 PM 9/12/99 -0400, you wrote:
>> >Is there a way to suppress the copyright info? This is pretty much
>> >a dead giveaway (At least that it's *BSD), huh?
>> >See lines 14-15 below:
>> >
>> >$ telnet dmaddox.conterra.com
>> >Trying 127.0.0.1...
>> >Connected to localhost.
>> >Escape character is '^]'.
>> >
>> >dmaddox.conterra.com
>> >Access Restricted
>> >
>> >Today is Sun Sep 12 13:09:57 EDT 1999
>> >
>> >login: myself
>> >Password:
>> >Last login: Sun Sep 12 13:07:17 from localhost
>> >Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
>> >        The Regents of the University of California. All rights reserved.
>> >
>> >Welcome to BogoDOS!
>> >You have mail.
>> >$
>> >
>> >
>> >On Sun, Sep 12, 1999 at 12:56:39PM -0400, Hector Colmenares wrote:
>> >>
>> >> If you don't want people to know what OS you are running
>> >> when they telnet into your box just change to this the info in
>> >> /etc/gettytab
>> >>
>> >> default:\
>> >>  :cb:ce:ck:lc:fd#1000:im=\r\n\%h\r\nAccess Restricted\r\n\r\nFor info, email admin@%h\r\nToday is %d\r\n\r\n
>> >>
>> >> ;-)
>> >>
>> >> cheers !!
>> >>
>> >> On Sun, 12 Sep 1999, Will Andrews wrote:
>> >>
>> >> > On 12-Sep-99 Ben Smithurst wrote:
>> >> > > Jeremy L. Ramirez wrote:
>> >> > >
>> >> > >> telnet stream tcp nowait root /usr/libexec/telnetd telnetd -h
>> >> > >>
>> >> > >> what you are doing is adding the -h at the end of the line which prevents
>> >> > >> a user from seeing the OS before even logging in.
>> >> > >
>> >> > > An even better way is to disable telnet completely, and use ssh like you
>> >> > > should. Note that people can still use nmap or something to guess at
>> >> > > your OS.
>> >> > >
>> >> > > --
>> >> > > Ben Smithurst            | PGP: 0x99392F7D
>> >> > > ben@scientia.demon.co.uk | key available from keyservers and
>> >> > >                          | ben+pgp@scientia.demon.co.uk
>> >> > >
>> >> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
>> >> > > with "unsubscribe freebsd-security" in the body of the message
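
Added example, not part of the original thread or of FreeBSD: a small Python audit of the two settings discussed above, the im= pre-login banner in /etc/gettytab and the telnetd -h flag in inetd.conf. The file contents are constructed samples (the second gettytab entry is the one posted in the thread), and the %s/%m/%r/%v escapes are the uname-derived ones described in gettytab(5).

```python
import re

# gettytab(5) escapes filled from uname(3); %h, %t and %d do not name the OS.
UNAME_ESCAPES = {"s": "OS name", "m": "machine type", "r": "OS release", "v": "OS version"}

def gettytab_caps(text, entry="default"):
    """Return {capability: value} for one entry of a termcap-style gettytab."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    joined = re.sub(r"\\\n\s*", "", "\n".join(lines))  # fold "\<newline>" continuations
    for record in joined.splitlines():
        fields = [f.strip() for f in record.split(":")]
        if entry in fields[0].split("|"):
            caps = {}
            for field in filter(None, fields[1:]):
                name, sep, value = re.match(r"([^=#]+)([=#]?)(.*)", field).groups()
                caps[name] = value if sep else True  # boolean caps have no value
            return caps
    return {}

def banner_findings(gettytab_text):
    """List OS-identifying escapes in the default entry's pre-login banner (im=)."""
    im = str(gettytab_caps(gettytab_text).get("im", ""))
    used = re.findall(r"%(.)", im)  # a literal "%%" is consumed as one pair
    return [f"im= banner prints %{c} ({UNAME_ESCAPES[c]})" for c in used if c in UNAME_ESCAPES]

def telnet_findings(inetd_conf):
    """Report an enabled telnet service and whether telnetd is started with -h."""
    for line in inetd_conf.splitlines():
        f = line.split()
        if f and f[0] == "telnet":  # a disabled entry starts with "#", not "telnet"
            found = ["telnet is enabled in inetd.conf"]
            if "-h" not in f[6:]:
                found.append("telnetd runs without -h")
            return found
    return []

# Constructed sample inputs (not taken from a real host).
LEAKY_GETTYTAB = r"""default:\
    :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:
"""
# The entry posted in the thread, with the wrapped line rejoined.
QUIET_GETTYTAB = r"""default:\
    :cb:ce:ck:lc:fd#1000:im=\r\n\%h\r\nAccess Restricted\r\n\r\nFor info, email admin@%h\r\nToday is %d\r\n\r\n
"""
INETD_CONF = "telnet stream tcp nowait root /usr/libexec/telnetd telnetd\n"

if __name__ == "__main__":
    for finding in banner_findings(LEAKY_GETTYTAB) + telnet_findings(INETD_CONF):
        print("FINDING:", finding)
```

An empty result only means the login banner no longer names the OS; as the thread points out, it does nothing against nmap -O.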