Muhammad Faisal Rauf Danka wrote: > I'd go with the idea, Security through obscurity, Isn't such a bad idea,
No, you are right, it isn't such a bad idea. It is a terrible idea. > I mean drop down all around the corner what exactly security is, the on > going effort to keep away the *HARMFULS*, OK, I'll buy that definition. But how does StO keep *anyone* away? Scripts don't care what the banner says. Red Alert doesn't care. Nimda sure as hell doesn't. If I am a script kiddie using some exploit kit that I found, why would I stop once Apache claims it is something else? Why not just try the known exploits for every major webserver? It costs me nothing. Bottom line: you will "stop" less than 0.5% of any attacks on your webserver, automated or otherwise by having your webserver misrepresent itself. -- Josh Glover <[EMAIL PROTECTED]> Associate Systems Administrator INCOGEN, Inc.
