On Mon, 15 Apr 2002, Daniel Pittman wrote:

> On Mon, 15 Apr 2002, David B. Harris wrote:
> > On Mon, 15 Apr 2002 14:20:34 +1000
> > Daniel Pittman <[EMAIL PROTECTED]> wrote:
> >> So, hiding this information does not protect you from attacks. All it
> >> does is give you a false feeling of confidence in your "protection"
> >> -- which is, in the end, non-existent.
> >>
> >> Security through obscurity isn't, and hiding your uptime is
> >> obscurity.

Alternatively, I would describe this uptime-hiding idea as:
Security through layers of protection /is/ security, and hiding
your uptime adds a layer of obscurity.

> > In the meantime, some script kiddie somewhere is flooding my network
> > with scans to detect what OS a given machine is running, and how long
> > it's been up.
>
> Alternately, as with many of these things, they have their
> script running around and attempting the crack on anything at
> all or, possibly, the slightly more targeted, anything that
> looks remotely similar. :)

I'd just point out here that the likely scenario (and the one that
initiated this thread) is that someone is running nmap against the
network and building a database of:

- which hosts are alive
- what ports look open
- what OS and version (ranges), if possible
- uptime

So your determined, focused attacker finds a problem with OS "foo",
versions "1-N", and so queries the database for boxes that match
that criteria. For bonus points, he looks for qualifying boxes that
don't reboot often. These are boxes that probably don't get much
(security) attention.

It's just slightly less of a crapshoot, because maybe the box
rebooted between the scan and the attack (and why?); or, maybe the
box was feeding misleading uptime information; or ...

> Hiding the information does nothing for you because the script
> that you see as "scanning" is much more likely to be attempting
> to break in automatically, not just guessing what might be worth
> attacking.

Depends on the script, obviously; in the nmap-getting-uptime case,
it's just information-gathering (possibly for a later, focused
attack).

> > That's not how it works in the real world, folks. There, every bit
> > helps.
>
> No, it doesn't, and it often gives a sense of security to people
> that is based on the assumption that they are facing something
> with a brain, such that their hiding information from it will do
> anything to stop it.

I think overall, you're looking at both attack/scan scenarios:

- pure information-gathering
- exploit attempts

Either may be manual or automatic. Why not put the proverbial
finger in as many cracks of the dam as possible?

-jeff

--
Negative campaigning has emerged as a major issue in the presidential
primaries. What do you think?
"If you ask me, these cheap, mudslinging ads drag the political process
down to a level so juvenile and debased, I can actually understand it."
George Lowell, Investment Banker. The Onion

