scanning patterns (was:Re: Stopping people finding out uptime?)
It is rare that the "kiddies" bother to scan in the manner you describe.
Generally, their pre/re-packaged exploits just scan a range of IPs and try
it on every machine available. (Check out your apache or firewall logs).
Hiding your uptime (or apache version, ftp version, etc, etc, etc) does
not get you all that much.
It takes an extra effort to probe, when an attack attempt is just as
A determined attacker who bothers to probe you first will just get you
On Mon, 15 Apr 2002, David B Harris wrote:
> > Security through obscurity isn't, and hiding your uptime is obscurity.
> There is no "security through obscurity". There is just Security.
> Capital S. Which means making it as difficult as possible, within the
> constraints of administrator time allowances, for an attacker to do
> anything or get any information which may help them.
> I'm running kernel 2.2.18. I'm going to sleep in a few hours. If a
> kernel-based remote root exploit is discovered when I'm asleep, and they
> release 2.2.19, I won't upgrade until I wake up.
> In the meantime, some script kiddie somewhere is flooding my network
> with scans to detect what OS a given machine is running, and how long
> it's been up. Of course, they're not sitting there watching it. They're
> just running a script. They'll get thousands of hits from other people's
> machines (who are running 2.2.18 but haven't upgraded) - they and their
> script will just ignore mine, as a waste of resources to attempt to
> crack (since they don't even know that I'm running a vulnerable kernel).
> Unlikely? Yes. Your point? I thought so.
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org