Date:      Mon, 9 Jul 2001 00:24:09 +0200
From:      Eivind Eklund <eivind@thinksec.no>
To:        Jason Burdick <webmaster@yclan.net>
Cc:        security@freebsd.org
Subject:   Re: Hiding Versions
Message-ID:  <20010709002409.B49349@thinksec.no>
In-Reply-To: <003801c1065e$c4724480$0c8e1581@yclan.net>
References:  <200107061929.MAA30700@user7.hushmail.com> <003801c1065e$c4724480$0c8e1581@yclan.net>

On Fri, Jul 06, 2001 at 05:01:03PM -0400, Jason Burdick wrote:
> Hiding version strings is very pointless.  The only use is to let admins be
> a tad bit more lazy in patching so s'kiddies, who only look for version
> strings for exploit purposes, will pass by the box.  This doesn't stop
> someone with a clue, so it's a waste of time.  Patch the box correctly, and
> you'll have less problems.

I agree that you should patch the box correctly.  I do not agree that hiding
version numbers is useless.  When you hide your version number, you make
it less likely that the exploit will work the first time - and if your
service is set up so the first attempt is all the attackers get (e.g.,
BIND exploits) then hiding the version number increases real security.
It also increases the likelihood of detection, as a wrong exploit is likely
to be tried first, and thus log an error.

Eivind.
