![nmap-announce logo](/images/nmap-announce-logo.png)
Nmap Announce mailing list archives
Re: OS Detection Question
From: Brian Kifiak <bk () localhost ca>
Date: Thu, 4 May 2000 22:05:08 -0700
However, I'd like to see those get used as one of the last things done to secure a machine, not the first.
I don't think anyone was suggesting that OS masking was anything near a complete security solution. I still don't think you're quite convinced how handy this can be. Consider the following: It's *extremely* hard, if not impossible, to *gaurantee* that your services(1) are secure. It's likely that someone, somewhere, sometime, will have working code to exploit *something* your machine is doing. They now start looking for machines to hack. Their exploit is specific to a certain arch/OS/daemon/whathaveyou. They start scanning looking for that specific quality which they can exploit. If your system doesn't easily present the information required to get a match against that quality, their scanner is likely to skip your machine and go onto the next (maybe the honeypot I setup on that subnet ...). Advertising your details is like hanging a dated list of parts used to construct your house on the front door. Somebody's likely to have a lockpick to beat that 32-notch triply reinforced stainless platinum lock you just got (or maybe just a really big diamond drill ...). Yes, the fact remains you're still vulnerable. I don't know about you, but I think someone would notice me hanging outside their front door peering into their lock with a stash of tools sitting beside me. I'd probably just move onto the house I knew I could get into when I drove through your neighbourhood. Wouldn't you? I'd list this as one of the things I'd consider doing by default. (1): Most servers run a fair number of relatively complex services. A server isn't much use if it doesn't run anything. (Typical example: smtp, ftp, ssh, http, and pop running on one machine.) Or, using the door analogy: your house probably has windows and doors and hinges and ... -bk
Current thread:
- Re: OS Detection Question, (continued)
- Re: OS Detection Question Fyodor (May 03)
- Re: OS Detection Question Bruno Morisson (May 03)
- Re: OS Detection Question Saint skullY the Dazed (May 03)
- Re: OS Detection Question Marco Belmonte (May 04)
- Re: OS Detection Question Mr. Man (May 04)
- Re: OS Detection Question Cameron Palmer (May 05)
- Re: OS Detection Question Mr. Man (May 05)
- Re: OS Detection Question Fyodor (May 07)
- Re: Nmap vs DTK ? Nicodimus (May 11)
- Re: OS Detection Question Saint skullY the Dazed (May 04)
- Re: OS Detection Question Brian Kifiak (May 04)