fooling nmap
vxp
vxp at digital-security.org
Sat Sep 4 08:42:57 PDT 2004
no. obscurity as the _only_ "security" is no security.
there's nothing wrong with ADDING obscurity, however. =)
--Val
On Sat, 4 Sep 2004, Colin Alston wrote:
> vxp wrote:
>
> >pretty much any sort of attack / intrusion attempt begins with information
> >gathering on the machine. part of that would be trying to figure out what
> >OS runs on the machine. the more (accurate) information a potential
> >attacker can gather on the machine, the more chances that his attempt will
> >succeed. obviously, even with this change in place, you'd need to do some
> >other things so as to prevent this for example:
> >
> >$ telnet localhost 22
> >Trying ::1...
> >Connected to localhost.digital-security.org
> >Escape character is '^]'.
> >SSH-1.99-OpenSSH_3.6.1p1 FreeBSD-20030924
> > ^^^^^^^^^
> > banners all over need to be changed
> >
> >but nevertheless, it'd be a step in the right direction in my opinion
> >
> >
>
> A great man once said to me "Security by obscurity is, after all, no
> security at all."
>
> This is very much a step in the wrong direction.
>
> --
> Colin Alston <karnaugh at karnaugh.za.net>
>
> About the use of language:
> "It is impossible to sharpen a pencil with a blunt axe. It is
> equally vain to try to do it with ten blunt axes instead."
> -- E.W.Dijkstra, 18th June 1975. (Perl did not exist at the time.)
>
>
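
The banner quoted in this thread follows the SSH identification-string layout `SSH-protoversion-softwareversion SP comments` (RFC 4253, section 4.2). As an added example, not part of the original posts, this Python helper parses such a line taken from your own host and lists what it discloses; the function names, finding codes and the `OS_HINTS` keyword list are assumptions made for illustration.

```python
import re

# RFC 4253 section 4.2 layout: SSH-protoversion-softwareversion SP comments
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

# Constructed keyword list (assumption); extend it for the platforms you run.
OS_HINTS = ("freebsd", "openbsd", "netbsd", "debian", "ubuntu", "linux", "sunos")


def parse_ident(line):
    """Split one SSH identification line into proto, software and comments."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.groupdict()


def audit_ident(line):
    """Return (fields, findings) describing what the banner gives away."""
    fields = parse_ident(line)
    findings = []
    comments = (fields["comments"] or "").lower()
    # The optional comments field is where the OS tag in the thread's banner sits.
    if any(hint in comments for hint in OS_HINTS):
        findings.append("os_in_comments")
    # A dotted number in the software field pins down the exact server release.
    if re.search(r"\d+(?:\.\d+)+", fields["software"]):
        findings.append("software_version")
    # RFC 4253 section 5.1: protoversion 1.99 advertises compatibility with SSH 1.x.
    if fields["proto"] == "1.99":
        findings.append("ssh1_compat")
    return fields, findings


if __name__ == "__main__":
    # Banner as quoted in the thread above.
    banner = "SSH-1.99-OpenSSH_3.6.1p1 FreeBSD-20030924\r\n"
    fields, findings = audit_ident(banner)
    print(fields)
    print(findings)
```

Changing or removing the comments field only clears the first finding; the software version and protocol version are still sent in the clear before any authentication.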
More information about the freebsd-net mailing list