
Re: Stopping people finding out uptime?



On Mon, 15 Apr 2002, David B. Harris wrote:
> On Mon, 15 Apr 2002 14:20:34 +1000
> Daniel Pittman <daniel@rimspace.net> wrote:
>> So, hiding this information does not protect you from attacks. All it
>> does is give you a false feeling of confidence in your "protection"
>> -- which is, in the end, non-existent.
>> 
>> Security through obscurity isn't, and hiding your uptime is
>> obscurity.

[...]

> I'm running kernel 2.2.18. I'm going to sleep in a few hours. If a
> kernel-based remote root exploit is discovered when I'm asleep, and
> they release 2.2.19, I won't upgrade until I wake up.

*nod*

> In the meantime, some script kiddie somewhere is flooding my network
> with scans to detect what OS a given machine is running, and how long
> it's been up. 

Alternately, as with many of these things, they have their script
running around and attempting the crack on anything at all or, possibly,
the slightly more targeted, anything that looks remotely similar. :)

> Of course, they're not sitting there watching it. They're just running
> a script. They'll get thousands of hits from other people's machines
> (who are running 2.2.18 but haven't upgraded) - they and their script
> will just ignore mine, as a waste of resources to attempt to crack
> (since they don't even know that I'm running a vulnerable kernel).
> 
> Unlikely? Yes. 

I am not sure what you consider unlikely in that scenario. I get regular
attempts to exploit remote root holes in my SSH server, despite the fact
that it spits out a banner as part of the connection announcing the
version I run. Holes, I might point out, that have been patched for a
long time.

> Your point? 

Hiding the information does nothing for you because the script that you
see as "scanning" is much more likely to be attempting to break in
automatically, not just guessing what might be worth attacking.

[...]

On Mon, 15 Apr 2002, David B. Harris wrote:
> I might also add that if I see one more person dismiss a method of
> discouraging a potential attacker as "useless" because it involves
> reducing their knowledge of your systems, I'm going to scream :)

Sorry. :)

> That's not how it works in the real world, folks. There, every bit
> helps.

No, it doesn't, and it often gives a sense of security to people that is
based on the assumption that they are facing something with a brain,
such that their hiding information from it will do anything to stop it.

        Daniel

-- 
All my life I have hated anniversaries of every sort. It's a ridiculous habit. 
At this advanced age, when there is nothing left to think about but death,
they want to bother me with that!
        -- Leo Tolstoy, _Diary_, 20 September 1909

