As far as I've seen, eliminating version banners causes more problems
because it makes it harder for the sysadmins to check what version is
running (you can try to keep records, but we all know that records don't
always agree with reality), so you end up being more likely to be running a
bad version than if you could check.

David Lang


 On 2 Apr 2002, Jim Levie wrote:

> Date: 02 Apr 2002 13:59:18 -0600
> From: Jim Levie <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Subject: Re: removing banners from cyrus
>
> On Tue, 2002-04-02 at 13:26, Ken Murchison wrote:
> >
> >
> > Clifford Thurber wrote:
> > >
> > > Ken, I am just interested in suppressing platform/version information when
> > > someone telnets to port 143. Just one more layer of security.
> >
> > But by doing this, you're implying that there is a security hole in the
> > Cyrus server which can be exploited if the hacker discovers the
> > vendor/version info.  Is there some known security hole in Cyrus that
> > isn't in other servers?  Even if there is, I don't think that the lack
> > of info in the banner is going to stop a hacker from trying the exploit
> > anyway.  Furthermore, a good hacker intent on finding Cyrus servers
> > could also detect them by looking for known response strings from commands,
> > etc.
> >
> Ah yes, the old "security through obscurity" game. From what I've seen
> eliminating the server type and version has no effect on whether a
> cracker can exploit any weakness that an application has. And that's
> because the vast majority of attacks aren't done in what one would
> consider an intelligent manner. The attacker doesn't examine services to
> figure out if they are vulnerable or not. He/she simply runs a script
> that attempts to exploit all known vulnerabilities. So hiding the fact
> that you are running a certain version of Sendmail, or Cyrus, or
> whatever doesn't generally help. The attack scripts that I've recovered
> from cracked boxes (that were then used to try to crack other boxes)
> just had a big list of things to try.
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>  Jim Levie                                  email:
> [EMAIL PROTECTED]
>  Dynetics Inc,  Huntsville, Al              Ph.    256.964.4337
>  The opinions expressed above are just that...
>
