No, someone (I did at one point myself) asked how to strip the banners out of apache/other servers and people started veritably frothing at the mouth over the issue of StO.
I disagree about the script kiddy tools ignoring banners. Admittedly some (especially the older stuff) are just exploits (that don't look at anything), but here we're talking about some of the newer programs that you plug the exploits into. These are banner identification progams that find an exploitable system and then run the exploit FOR YOU against the host they found and report back if it was successful or not. StO helps defend against these types of attacks. TF On Fri, 7 Jun 2002 12:27, you wrote: > D wrote: > >>>I'd go with the idea, Security through obscurity, Isn't such a bad idea, > >> > >>No, you are right, it isn't such a bad idea. It is a terrible idea. > > > > On its own, yes it is. Coupled up with regular patching of security > > holes, monitoring of logs, a good IDS that is setup to mail/page you, > > correct configurations, and a good background on security, it is actually > > useful. > > You are right. It would seem that we are arguing about different things, > then. My claim that StO is a bad idea was based on the scenario that it > is the first (and in some cases, only) trick used to "secure" a box. > That is what I thought the discussion was about. > > > Which only goes to prove how you have skipped studying current trends. > > Don't take it personally, but any admin who does that, is a graver danger > > to his network, than the most skilled cracker. > > I think this bit of flamage is a bit unjustified, but I will let it go. > > > Heard of a couple of exploits for openssh ? And openssh is widely used. > > Ever heard of this little script called sshscan/sshdscan ? Go take a look > > at the source. > > Sure. I am familiar with both the exploits and the scripts. But do I let > ssh in through my firewall from anywhere? Certainly not. > > The point here is that a good firewall config, combined with an IDS of > some sort and some good common sense, is a much better way of protecting > your stuff than suppressing a few banners and pulling the security > blanket over your eyes. > > And *that* is what I have been trying to say. Sorry if I was not clear > enough. And I still stand by my claim that the vast majority of script > kiddies' tools ignore banners and just try the exploits.
