DvB said: > You're probably right about it being security through obscurity. I was > thinking in terms of someone looking for "exploitable" machines but, on > second thought, I suppose that instead of probing each computer for > vulnerability, one could just go ahead and test the exploit... in most > cases, anyway.
that would be the best way. A few months ago a security "services" company was offering my company "services" in the form of automatic port scans and vulnerability detection and virus notifications. They offered to do a trial run against one of my servers, so I said go for it. They tripped dozens of rules in my IDS and came back to me pissing their pants saying my SSH was vulnerable because it wasn't the absolute newest, took some time to convince them(had to talk to one of their engineers who understood what backporting was) that we were not vulnerable to the specific things they were probing for. outpost 24 was the company..nice folk, too bad more people don't understand the concept of back porting fixes, I was amazed how freaked out the sales guy got. He thanked me in the end(even though I turned their services down) because I taught him a lot in the process. and sure enough a few weeks later he was calling me for help on some personal trouble he was having on his servers..:/ results of their scan(just for the hell of it): http://saratoga.linuxpowered.net/scan/ since there is no machine on that IP address anymore(damn downsizing!) theres no harm done :) nate -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
