Re: Block OS Detection

From: Gadi Evron (ge@linuxbox.org)
Date: Wed Sep 05 2007 - 15:18:45 EDT


On Wed, 5 Sep 2007, Robert E. Lee wrote:
>
> Obfuscation does not protect your system/service. There is no measurable
> benefit in blocking OS Detection or changing banners.

Security by obscurity does not protect you by itself, but it is a strong
tool I wouldn't make fun of.

In our world, nothing is impossible. The defending side's job is to make it
more difficult so that your cost is too high.

Changing banners is useful, it allows you to avoid *some* automated
exploitation and finger-printing.

In most of my machines, I change the default SSH port from 22. The reason
for that isn't that it won't still be simple to find where SSH is, but
rather that if another exploit like the one from ~2002
happens again, I won't be automatically exploited by some worm.

Does changing the SSH port protect me from SSH attacks? Maybe
only from automated ones like bruteforcing, but you get my drift.

Changing banners has little or no cost, and it contributes. It is a best
practice. Why else would BitchX still allow you to hide yourself as mIRC
(last time I checked, which was 1999, so I hope it still does)?

         Gadi.

>
> Robert
>
> --
> Robert E. Lee
> Chief Security Officer
> Outpost24 - One Step Ahead
> http://www.outpost24.com
>
> phone: +46-455-61-2320
> fax : +46-455-1-3960
> email: robert@outpost24.com
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:06 EDT