On Sat, 20 Apr 2002 03:07, you wrote:
> TheFinn wrote:
> > On Thu, 18 Apr 2002 07:11, you wrote:
> >
> > I disagree, have a look at one of the latest TESO exploits:
> > [...]
> >
> > So, if you can obscure your version numbers this baby don't work. Merely
> > one example.
>
> I would argue that not many of these exploits are particularly "smart",
> meaning, they shoot first and do not even bother to ask the server
> questions. It is trivial to use the exploit suite you posted to ignore
> the server banner, anyway.

Obviously you didn't understand or I wasn't clear enough.

There is a SYN bulk port scanner that scans B class networks for port 21.
There is a banner checker program that checks for the version number of the system.
There is an exploit which works on various versions of various systems. (All this is, is valid retloc values that have been hard-coded into the exploit.)

The SYN scanner runs. It creates a file of systems running something on port 21.
The banner checker reads that file and checks for version numbers (which won't work on my system as my banners are different or nonexistent).
The exploit then tries the output of the banner checker host-by-host.

The "hacker" (debatable) doesn't sit there and wonder what version you're really running; he doesn't plod away changing the retloc values until he gets a r00t. He has just scanned a B class. (There was also a script that ran the SYN scanner on 256.0-256.X.X.) He moves on to a system that IS exploitable.

Does it add extra "security"? Not really, by exact definitions of the word, I suppose.
Does it stop some lamer or unattended worm getting into your system in the 3 hours before your auto update programs install a new version of your ftpd, or in the 5 days it takes for the ftpd dudes to get their act together after an advisory? Yes.

IMHO security is about a holistic approach to the box, its systems and daemons, its accounts and passwords, IDS and security programs, and system management.

L8r
TF.