> As stated by another poster, there is plenty of software that can tell > what version you are running,
that was me mentioning nmap fingerprinting. > even if you disable the banners. All that > disabling the banner does, is make idiots feel comfortable. The only > way, short of an expensive in-line ids, to stop exploits, is to patch or > disable the software with 'kill <process>'. How does the version hiding > help, if the software has a list of, say, 10 holes to probe for, and can > do so in mere seconds? if an attacker doesn't know which MTA (e.g.) you're running (s)he has to do lots more probes -- you win time! in production environments this is crucial before implementing bleeding edge stuff that may (and, murphy knew it, does) fail. > Ones that fail, oh well. Ones that pass, you're > compromised. Banner, version info or not, didn't help. the main difference between theory and practice is that in practice it's (unfortunately) not only ones and zeroes... ;) > > Believe in what you will. i do :) > > On Wed, 14 Sep 2005, Timo Schoeler wrote: > >> Date: Wed, 14 Sep 2005 13:09:20 +0200 >> From: Timo Schoeler <[EMAIL PROTECTED]> >> To: Alexander Dalloz <[EMAIL PROTECTED]> >> Cc: [EMAIL PROTECTED], info-cyrus@lists.andrew.cmu.edu >> Subject: Re: Hiding Banner >> >>>> I am new to cyrus. I have manage to installed cyrus-imapd >>>> 2.2.12-9 on FC1. For security reasons, i need to change the Banner of >>>> cyrus-imapd server. When i do telnet localhost 110 , i gets * OK >>>> netserv Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-9 server ready, how can >>>> i change it as per my requirement??? I am having source rpm with me. >>>> Can any body help me out ??? >>> >>> >>> >>>> Amod Sutavane. >>> >>> >>> >>> http://www.google.com/search?hl=en&q=security+by+obscurity&btnG=Google+Search >>> >>> >>> Better keep your system secure >> >> >> yes. >> >>> then trying to camouflage. >> >> >> nope. a combination of both :) >> >> imagine running production systems, a bug in the current stable is >> discovered but (as you run production systems) you're not able to >> upgrade them within a few minutes and in the mid of a week. >> >> hiding the daemon from a possible intruder is /very/ nice in this case. >> >> not everybody is willing to run beta software/bleeding edge early >> adopter's stuff on a PeeCee w/o redundant PSUs/HDs/etc. w/o ECC >> connected to an ADSL line. however, there's a lot of people willing to >> do so. but that's not a sign for the best solution (TM). >> >>> Btw. you are running an EOL (end of lifetime) Linux distribution >>> release. Think about that. >>> >>> Alexander >> >> >> cheers, >> >> timo ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
