[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Stopping people finding out uptime?

On Mon, 15 Apr 2002 14:20:34 +1000
Daniel Pittman <daniel@rimspace.net> wrote:
> So, hiding this information does not protect you from attacks. All it
> does is give you a false feeling of confidence in your "protection" --
> which is, in the end, non-existent.
> Security through obscurity isn't, and hiding your uptime is obscurity.

There is no "security through obscurity". There is just Security.
Capital S. Which means making it as difficult as possible, within the
constraints of administrator time allowances, for an attacker to do
anything or get any information which may help them.

I'm running kernel 2.2.18. I'm going to sleep in a few hours. If a
kernel-based remote root exploit is discovered when I'm asleep, and they
release 2.2.19, I won't upgrade until I wake up.

In the meantime, some script kiddie somewhere is flooding my network
with scans to detect what OS a given machine is running, and how long
it's been up. Of course, they're not sitting there watching it. They're
just running a script. They'll get thousands of hits from other people's
machines (who are running 2.2.18 but haven't upgraded) - they and their
script will just ignore mine, as a waste of resources to attempt to
crack (since they don't even know that I'm running a vulnerable kernel).

Unlikely? Yes. Your point? I thought so.

\ David B. Harris, Systems administrator   |   http://www.terrabox.com /
/  eelf@sympatico.ca, elf@terrabox.com     |     http://eelf.ddts.net  \
/ Clan Barclay motto: Aut agere, aut mori.  (Either action, or death.) \

Attachment: pgpsI70dCFZKy.pgp
Description: PGP signature

Reply to: