Penetration Testing mailing list archives
Re: Block OS Detection
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 5 Sep 2007 14:18:45 -0500 (CDT)
On Wed, 5 Sep 2007, Robert E. Lee wrote:
Obfuscation does not protect your system/service. There is no measurable benefit in blocking OS Detection or changing banners.
Security by obscurity does not protect you by itself, but it is a strong tool I wouldn't make fun of.
In our world, nothing is impossible. The defending side's job is to make it more difficult so that your cost is too high.
Changing banners is useful; it allows you to avoid *some* automated exploitation and fingerprinting.
In most of my machines, I change the default SSH port from 22. The reason for that isn't that it won't still be simple to find where SSH is, but rather that if another exploit like the one from ~2002 happens again, I won't be automatically exploited by some worm.
Does changing the SSH port protect me from SSH attacks? Maybe only from automated ones like bruteforcing, but you get my drift.
Changing banners has little or no cost, and it contributes. It is a best practice. Why else would BitchX still allow you to hide yourself as mIRC (last time I checked, which was 1999, so I hope it still does)?
Gadi.
Robert -- Robert E. Lee Chief Security Officer Outpost24 - One Step Ahead http://www.outpost24.com phone: +46-455-61-2320 fax : +46-455-1-3960 email: robert () outpost24 com