On Mon, 2003-01-20 at 14:50:49 -0500, Jesse Guardiani proclaimed... > It a hacker finds a vulnerability that works for a certain version range, then > he's going to look for that version range when he tries to exploit it.
Most of the tools I come across do check explicitly for version strings. Granted there are the kinds that throw a whole bunch of shellcode at a machine and hope it works, but they're more noisy. > Denying access to version information may just prevent an attack. But it's > certainly not the best defense. Definitely; any security policy should implement every possible counter measure against an attack. Don't disclose version numbers; keep machines patched, require host and network level security measures, etc. Hope this didn't get too off-topic :) - Eric _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
