Hi2all
What is amazing is that many times when people dont understand the point of an attack the first reaction is: bah ... it's just a nonsense script kiddie attack. Put your self in the skin of a real nasty, well social skilled black hat hacker, whats the first thing he want you to know? that he is what he is or that he is just a kid clicking?
The other way around is very funny, though. (do as if you have a vulnerable version and watch the h@x0r5 wasting their time...)
Is that your idea of a sandbox? you will see that both of you are just wasting time.
Modifying the version number has nothing to do with sandboxing. Sandboxing is the practice of running the software in a "seperate" space to prevent it from doing bad things (such as chrooting it so that it cannot read /etc/passwd as easily). What it can be good for though is wasting the attackers time and energy. If the attacker does bother to check the version and see's that it is an old version (say sendmail 8.8.5) they will then launch a variety of older attacks against it, which will fail since you're running Sendmail 8.11.1 or whatever. They will then (hopefully) get bored and leave you alone. I'm 99% sure a LOT of people use automated scripts/etc just to generate "noise" to waste admins time, so that the real attacks slip through, I've actually got an article half done on this topic (and what you can do about it).
"Stereotyping Can Be Dangerous" (Tangled Web, Chapter 2 - Inside the mind of the cybercriminal)
[ ]'s bacano
Kurt Seifried - seifried@securityportal.com SecurityPortal, your focal point for security on the net http://www.securityportal.com/