On Sun, 8 Oct 2000, Roman Drahtmueller wrote:
That is so utterly stupid. Most script kiddie attacks I have seen don't even bother to be subtle at all, they just use the shotgun approach, taking an exploit and pointing it at machines until they get in. Hiding version info is pretty damn useless. Kurt Seifried - seifried@securityportal.com
Wow, ease off the trigger please. I guess that's what I get for not formulating clearly. What I meant to say was since the "attack" in question lasted over more than a day, maybe some script kiddie had detected a vulnerable ftp daemon and was trying to break in, and that he might have gotten that information by simply connecting or scanning unless the server information was suppressed, in which case I don't think most script kiddies would know with which ftp daemon they were dealing. I never meant to say that suppressing server information would safeguard you or even be useful. I agree with you that most script kiddies just randomly attack, but when someone repeatedly tries to get in over a period of time, then they might be looking for something specific. Switch to decaf please ;-)
I agree. Security by obscurity doesn't help - in the contrary: It shows the attacker the level of experience to some degree. You should easily be able to recognize an MTA just by its reaction to some teasing and bugging.
You are right. Although I don't think most script kiddies are knowledgeable enough to do that.
The other way around is very funny, though. (do as if you have a vulnerable version and watch the h@x0r5 wasting their time...)
*grin* I think I'll try that sometime.
Roman. --
Stefan