Hiding Banner

Greg A. Woods woods at weird.com
Thu Sep 15 21:38:32 EDT 2005


Timo Schoeler wrote:

> > As stated by another poster, there is plenty of software that can tell
> > what version you are running,
>
> that was me mentioning nmap fingerprinting.
>
> > even if you disable the banners. All that
> > disabling the banner does, is make idiots feel comfortable. The only
> > way, short of an expensive in-line ids, to stop exploits, is to patch or
> > disable the software with 'kill <process>'. How does the version hiding
> > help, if the software has a list of, say, 10 holes to probe for, and can
> > do so in mere seconds?
>
> if an attacker doesn't know which MTA (e.g.) you're running (s)he has to
> do lots more probes -- you win time!


Excuse me, but no, you do not.

You give one of the good reasons why there's no time savings above
yourself.  Any kind of probe a human can do to detect a version or
type of software can be automated.

An even more important reason is that exploits rarely need to know
exactly what version or type of software you're running.  If your
software is vulnerable, the exploit will simply work and there's
absolutely no possibility of any warning whatsoever.

If there's anything that's critically important to remember about
digital security in a networked world, it is that many of the rules you
might understand about good security practices in the real
world not only don't apply in the networked world, but if applied
they actually allow far more harm and pose far more risk than if
nothing whatsoever were done.  Read Bruce Schneier's "Secrets & Lies"
if you need further explanation.

So, to repeat what is said above, since the point doesn't seem
to be getting across very well:

	"All that disabling the banner does, is make idiots
	feel comfortable."

(and make it easier for real attackers to get past their defences
without detection)

-- 
						Greg A. Woods

H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack <woods at robohack.ca>
Planix, Inc. <woods at planix.com>          Secrets of the Weird <woods at weird.com>


