From: "Michael Richards"
To: freebsd-security@FreeBSD.ORG
Subject: Version Hiding
Date: Mon, 26 Mar 2001 23:59:52 -0500 (EST)
Message-Id: <3AC01E48.0001D9.05696@frodo.searchcanada.ca>

I remember once someone working at a university I once attended spent weeks obscuring a Linux box he was running so it would look like a Solaris machine. He spent so long doing this that he neglected to fix a very basic security flaw and was hacked.

I also remember a machine I was running where an obscured version wasn't fixed for a few weeks of scanning and exploiting. So sometimes it is effective and sometimes it is not.

I know for a fact that some of the best hackers in the world do months and months of analysis of a system before even attempting anything because they like to get in on the first try and clean everything up. Using the wrong offset on stack popper code for a buffer overrun can tip off the admin.

So what am I saying? This is a religious battle that may or may not make your machine more resistant to attack. Why not make a switch that allows an admin to obscure versions if they like and display them proudly if they don't? Probably something more suited to a ports discussion.

-Michael