Date: Mon, 26 Mar 2001 23:59:52 -0500 (EST)
From: "Michael Richards" <michael@fastmail.ca>
To: freebsd-security@FreeBSD.ORG
Subject: Version Hiding
Message-ID: <3AC01E48.0001D9.05696@frodo.searchcanada.ca>

I remember once someone working at a university I once attended spent
weeks obscuring a Linux box he was running so it would look like a
Solaris machine. He spent so long doing this that he neglected to fix
a very basic security flaw and was hacked.

I also remember a machine I was running where an obscured version
wasn't fixed for a few weeks of scanning and exploiting. So sometimes
it is effective and sometimes it is not.

I know for a fact that some of the best hackers in the world do
months and months of analysis of a system before even attempting
anything because they like to get in on the first try and clean
everything up. Using the wrong offset on stack popper code for a
buffer overrun can tip off the admin.

So what am I saying? This is a religious battle that may or may not
make your machine more resistant to attack. Why not make a switch
that allows an admin to obscure versions if they like and display
them proudly if they don't. Probably something more suited to a ports
discussion.

-Michael
_________________________________________________________________
http://fastmail.ca/ - Fast Free Web Email for Canadians
