I've been running a test machine on the internet for about 3 weeks now (on an IP that 
as far 
as I know has not previously had any machine running on it).  This machine effectively 
has all 
its ports stealthed but logs everything thrown at it. 

To say the least its been instructive.  On a good day it gets hit every hour or two on 
a bad day 
like today it gets hit dozens of times.  What's interesting is that ALL the attacks 
over a  three 
week period have been relatively quick scans on known vulnerable ports. Today I've had 
about 50 probes but they have all been on only 6 ports.  They all appear to probe for 
a known 
specific weakness in a known program or a port previously left open by a virus or 
trojan. They 
just do a the quickest possible probe and then move on the the next IP address.   If 
the port is 
open I'm fairly sure that the the next step is just to try to use the vulnerability - 
nothing fancy 
like seeing if  your are running the vulnerable version.  If the attack doesn't work 
they just 
move on, and on and on till they find someone who is vulnerable.

In general I don't think being able to test for the version info will noticeably 
increase security 
risks and will make management easier.

On 18 Mar 2003 at 16:18, Steve Bostedor wrote:

>  The purpose that I had in mind was to aid in standardizing
>  deployments and monitoring to be sure that the latest version is
>  deployed across the entire network.  I can easily do this on Windowz
>  platforms by querying the registry or getting the metadata from the
>  file, but things get a bit more complicated when crossing platforms. 
>  There are many other uses for this information.  VNC is not the type
>  of service that can gain much security benefit from hiding the
>  version number.  As one other poster pointed out, it can actually
>  increase the security by letting the administrator know that a
>  vulnerable version is installed on a workstation.
> 
> One way to secure this information would be to require authentication
> before being able to query the version number.  That would at least
> keep out the hackers that haven't already hacked ya.  ;)
> 
> - Steve Bostedor 
> http://www.vncscan.com
> 
> 
> 
> -----Original Message-----
> From: Mike Miller [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 18, 2003 3:56 PM
> To: VNC List
> Subject: RE: Wish: Version Query :VSMail mx2
> 
> 
> On Tue, 18 Mar 2003, William Hooper wrote:
> 
> > I agree, security through obscurity is not security.  On the other
> > hand, reporting the version gives an attacker just another piece of
> > information that is not needed by an authorized client.
> 
> 
> If the information is not needed, why is someone asking for VNC to
> provide it?  Another respondent pointed out that it would be nice for
> administrators to be able to determine which machines on their
> networks were running which VNCs.  Sounds useful.
> 
> Mike
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> http://www.realvnc.com/mailman/listinfo/vnc-list
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> http://www.realvnc.com/mailman/listinfo/vnc-list

-----------------------------------
Peter Ball
Computers For Linguists
[EMAIL PROTECTED]
Tel:    +44(0)20 7732 1741
Fax:    +44(0)20 7358 9214
Mobile: +44(0)77 1968 2913
45 Endwell Road, London, SE4 2PQ, United Kingdom
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list

Reply via email to