Penetration Testing mailing list archives

Re: Block OS Detection


From: Gadi Evron <ge () linuxbox org>
Date: Wed, 5 Sep 2007 14:18:45 -0500 (CDT)

On Wed, 5 Sep 2007, Robert E. Lee wrote:

> Obfuscation does not protect your system/service. There is no measurable
> benefit in blocking OS Detection or changing banners.

Security by obscurity does not protect you by itself, but it is a strong tool I wouldn't make fun of.

In our world, nothing is impossible. The defending side's job is to make it more difficult so that your cost is too high.

Changing banners is useful; it allows you to avoid *some* automated exploitation and fingerprinting.

On most of my machines, I change the default SSH port from 22. The reason for that isn't that it won't still be simple to find where SSH is, but rather that if another exploit like the one from ~2002 happens again, I won't be automatically exploited by some worm.

Does changing the SSH port protect me from SSH attacks? Maybe only from automated ones like bruteforcing, but you get my drift.

Changing banners has little or no cost, and it contributes. It is a best practice. Why else would BitchX still allow you to hide yourself as mIRC (last time I checked, which was 1999, so I hope it still does)?

        Gadi.


> Robert
>
> --
> Robert E. Lee
> Chief Security Officer
> Outpost24 - One Step Ahead
> http://www.outpost24.com
>
> phone: +46-455-61-2320
> fax  : +46-455-1-3960
> email: robert () outpost24 com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------