Hiding Banner

Timo Schoeler timo.schoeler at macfinity.net
Wed Sep 14 09:18:20 EDT 2005


> As stated by another poster, there is plenty of software that can tell
> what version you are running,

that was me mentioning nmap fingerprinting.

> even if you disable the banners. All that
> disabling the banner does, is make idiots feel comfortable. The only
> way, short of an expensive in-line ids, to stop exploits, is to patch or
> disable the software with 'kill <process>'. How does the version hiding
> help, if the software has a list of, say, 10 holes to probe for, and can
> do so in mere seconds?

if an attacker doesn't know which MTA (e.g.) you're running (s)he has to
do lots more probes -- you win time!

in production environments this is crucial before implementing bleeding
edge stuff that may (and, murphy knew it, does) fail.

> Ones that fail, oh well. Ones that pass, you're
> compromised. Banner, version info or not, didn't help.

the main difference between theory and practice is that in practice it's
(unfortunately) not only ones and zeroes... ;)

> 
> Believe in what you will.

i do :)

> 
> On Wed, 14 Sep 2005, Timo Schoeler wrote:
> 
>> Date: Wed, 14 Sep 2005 13:09:20 +0200
>> From: Timo Schoeler <timo.schoeler at macfinity.net>
>> To: Alexander Dalloz <ad+lists at uni-x.org>
>> Cc: amodsutavane at gmail.com, info-cyrus at lists.andrew.cmu.edu
>> Subject: Re: Hiding Banner
>>
>>>>          I am new to cyrus. I have managed to install cyrus-imapd
>>>> 2.2.12-9 on FC1. For security reasons, I need to change the banner of
>>>> the cyrus-imapd server. When I do telnet localhost 110, I get * OK
>>>> netserv Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-9 server ready. How can
>>>> I change it as per my requirement??? I have the source rpm with me.
>>>> Can anybody help me out???
>>>
>>>
>>>
>>>> Amod Sutavane.
>>>
>>>
>>>
>>> http://www.google.com/search?hl=en&q=security+by+obscurity&btnG=Google+Search
>>>
>>>
>>> Better keep your system secure
>>
>>
>> yes.
>>
>>> than trying to camouflage.
>>
>>
>> nope. a combination of both :)
>>
>> imagine running production systems, a bug in the current stable is
>> discovered but (as you run production systems) you're not able to
>> upgrade them within a few minutes and in the middle of a week.
>>
>> hiding the daemon from a possible intruder is /very/ nice in this case.
>>
>> not everybody is willing to run beta software/bleeding edge early
>> adopter's stuff on a PeeCee w/o redundant PSUs/HDs/etc. w/o ECC
>> connected to an ADSL line. however, there's a lot of people willing to
>> do so. but that's not a sign for the best solution (TM).
>>
>>> Btw. you are running an EOL (end of lifetime) Linux distribution
>>> release. Think about that.
>>>
>>> Alexander
>>
>>
>> cheers,
>>
>> timo


