Re: SSHD revealing too much information.

From: Jeffrey J. Mountin (jeff-ml@mountin.net)
Date: 03/28/01


Date: Tue, 27 Mar 2001 18:09:11 -0600
To: security@FreeBSD.ORG, security@FreeBSD.ORG
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>

At 05:34 PM 3/27/01 -0500, Peter Radcliffe wrote:

Argh, this can go on and on...

>I'd rather they wasted their time trying to compromise vulnerable
>machine and leaving tracks that are noticeable than heading directly to
>the vulnerable machines and compromising them without leaving tracks.

Presuming the first "vulnerable" needs an "un" prefix and say that this
sounds like a shell game method of hoping they don't find the vulnerable
system. Better to spend time keeping up-to-date than shuffling and hope
they don't guess the right shell or server.

Chances are they will be scanning blocks of IPs and if that is the case no
sleight-of-hand will hide the fact of where the vulnerable system is.

> > Something that no one has pointed out yet is that if you try to limit the
> > information the system displays or not for that matter, you might attract
> > the attention of someone that likes a challenge. Sure there are far more
> > script kiddies, but would lump the obscurity idea along with boasting a
> > system is not vulnerable. Bragging might attract the wrong types to test
> > the truth of such a statement. For certain that might help when it turns
> > out it isn't true, but would be a hassle regardless.
>
>Do you leave your doors unlocked in case someone breaks it down, too ?

More to the point is that regardless if you say "this door is locked" or not
doesn't mean they won't try it. Saying we upgraded the lock from the cheap
lockset might make them try another house.

All cute wording aside, there was a time when I removed the version number
from a daemon and found that the number of probes increased. Did it make
the system any more secure? No. Almost as bad as using a "honey pot" to
lure the bears away. Before they only came around now and again. Now they
come for the honey you put out. Attracting more bears may not be necessarily
bad, but can increase the risk of an "incident."

Better to spend time limiting the loss should the house be broken into than
hiding the fact there is a house there.

Obscurity is a waste of time for little benefit IMO.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve
