Re: Stopping people finding out uptime?
On 15 Apr 2002, Luis Gómez Miralles wrote:
> El lun, 15-04-2002 a las 03:14, Daniel Pittman escribió:
>> It makes absolutely no difference to their ability to do anything to
>> your machine. Knowing that it has been up for a couple of hours or a
>> couple of years makes no real difference to the ability to attack it.
>>
>> So, why did you want to disable this?
>
> Well I don't think so. Speaking about a Linux machine, knowing when it
> was last rebooted may give you an idea of the kernel version it's
> running, so you can focus on bugs fixed in later kernels, and you'll
> probably get r00t ;-)
>
> I had never thought of it, but I think what I've said is right, ain't
> it?
If you rely on an attacker not knowing how long your machine has been
running to avoid an attack on it, you have *no* security. :)
All it takes is the first person who realizes that you might be running
an unpatched kernel but rebooted just the other week for them to try the
attack...
So, hiding this information does not protect you from attacks. All it
does is give you a false feeling of confidence in your "protection" --
which is, in the end, non-existent.
Security through obscurity isn't, and hiding your uptime is obscurity.
Daniel
--
Good artists copy, great artists steal.
-- Pablo Picasso
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: