On Tue, 2002-04-02 at 13:26, Ken Murchison wrote:
>
>
> Clifford Thurber wrote:
> >
> > Ken, I am just interested in suppressing platform/version information when
> > someone telnets to port 143. Just one more layer of security.
>
> But by doing this, you're implying that there is a security hole in the
> Cyrus server which can be exploited if the hacker discovers the
> vendor/version info. Is there some known security hole in Cyrus that
> isn't in other servers? Even if there is, I don't think that the lack
> of info in the banner is going to stop a hacker from trying the exploit
> anyway. Furthermore, a good hacker intent on finding Cyrus servers
> could also detect them by looking for known response strings from commands,
> etc.
>
Ah yes, the old "security through obscurity" game. From what I've seen,
eliminating the server type and version has no effect on whether a
cracker can exploit any weakness that an application has. And that's
because the vast majority of attacks aren't done in what one would
consider an intelligent manner. The attacker doesn't examine services to
figure out if they are vulnerable or not. He/she simply runs a script
that attempts to exploit all known vulnerabilities. So hiding the fact
that you are running a certain version of Sendmail, or Cyrus, or
whatever doesn't generally help. The attack scripts that I've recovered
from cracked boxes (that were then used to try to crack other boxes)
just had a big list of things to try.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Jim Levie                               email: [EMAIL PROTECTED]
Dynetics Inc, Huntsville, Al Ph. 256.964.4337
The opinions expressed above are just that...