-----Original Message-----
From: bolo@lupa.de [mailto:bolo@lupa.de]
Sent: Wednesday, March 06, 2002 1:40 PM
To: suse-security@suse.com
Subject: Re: [suse-security] Apache version
[snipped]
Agreed. But it's a common and recommended security practice to hide banners of demons. This is not security through obscurity, but essential.
Most of the activity in your logs, including hack/exploit attempts, is from script kiddies who couldn't care less what version you're running.
NACK. It's highly important, even for some script kiddies, which versions of demons you're running. Most of the cracker lore deals with version information and whatnot, because most exploits are designed for distinct versions of the programs they're targeted at. There are more types of attackers "out there" than script kiddies.
I agree! Hence my expression: "everything AND the kitchen sink" :o) I'm of course aware of the other types as well. I was merely pointing out that the majority are script kiddies who know nothing about comp. security.
They just throw their cookbooks at your IP/firewall regardless.
Yes, they do. And of course it would be silly to hide behind a non-disclosed banner of a vulnerable demon version, but it's perfectly okay to hide versions and demon names of properly installed and sec-hardened servers.
Sure it is. But necessary? I don't believe so. Exploits will work regardless, if the server's vulnerable.
I believe there are other ways of getting Apache to reveal its version too, so this won't work.
That's true, but this isn't as easy as it seems, and commonly is way beyond the scope of an average script abuser.
Agreed

/Yarrel