> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 18, 2003 3:18 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Wish: Version Query :VSMail mx2 > > > It would be nice to be able to audit my network to see if > there were any > clients vulnerable to said exploit. It works both ways. > > Security through obscurity is folly. If the port is open then > it is open. > Reporting the version is after the fact.
I agree, security through obscurity is not security. On the other hand, reporting the version gives an attacker just another piece of information that is not needed by an authorized client. Auditing the network can be done a number of different ways now that don't involve even connecting to the VNC server. In fact if it is a large enough network that I would want auditing for VNC, I would want auditing for a number of different programs. And again, unless everyone adds this some versions won't give you this information, so how do you audit those? -- William Hooper _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
