Hiding Banner

Eric J. Wisti info-cyrus at wisti.com
Wed Sep 14 08:44:48 EDT 2005


As stated by another poster, there is plenty of software that can tell 
what version you are running, even if you disable the banners. All that 
disabling the banner does, is make idiots feel comfortable. The only way, 
short of an expensive in-line ids, to stop exploits, is to patch or 
disable the software with 'kill <process>'. How does the version hiding 
help, if the software has a list of, say, 10 holes to probe for, and can 
do so in mere seconds? Ones that fail, oh well. Ones that pass, you're 
compromised. Banner, version info or not, didn't help.

Believe in what you will.

On Wed, 14 Sep 2005, Timo Schoeler wrote:

> Date: Wed, 14 Sep 2005 13:09:20 +0200
> From: Timo Schoeler <timo.schoeler at macfinity.net>
> To: Alexander Dalloz <ad+lists at uni-x.org>
> Cc: amodsutavane at gmail.com, info-cyrus at lists.andrew.cmu.edu
> Subject: Re: Hiding Banner
>
>>>          I am new to cyrus. I have manage to installed cyrus-imapd
>>> 2.2.12-9 on FC1. For security reasons, i need to change the Banner of
>>> cyrus-imapd server. When i do telnet localhost 110 , i gets * OK
>>> netserv Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-9 server ready, how can
>>> i change it as per my requirement??? I am having source rpm with me.
>>> Can any body help me out ???
>>
>>
>>> Amod Sutavane.
>>
>>
>> http://www.google.com/search?hl=en&q=security+by+obscurity&btnG=Google+Search
>>
>> Better keep your system secure
>
> yes.
>
>> then trying to camouflage.
>
> nope. a combination of both :)
>
> imagine running production systems, a bug in the current stable is
> discovered but (as you run production systems) you're not able to
> upgrade them within a few minutes and in the mid of a week.
>
> hiding the daemon from a possible intruder is /very/ nice in this case.
>
> not everybody is willing to run beta software/bleeding edge early
> adopter's stuff on a PeeCee w/o redundant PSUs/HDs/etc. w/o ECC
> connected to an ADSL line. however, there's a lot of people willing to
> do so. but that's not a sign for the best solution (TM).
>
>> Btw. you are running an EOL (end of lifetime) Linux distribution
>> release. Think about that.
>>
>> Alexander
>
> cheers,
>
> timo
> ----
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>




More information about the Info-cyrus mailing list