This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Date: Thu, 2 Nov 2000 16:07:55 -0800 (PST) From: Bobby Wen <Bobby.Wen@Eng.Sun.COM> To: svlug@lists.svlug.org Subject: [svlug] Security mailing list and discussion board Hi Some people request lsec to post the address of our mailing list and web sites after the SVLUG meeting. Lsec is a special interest group in server security. The lsec mailing is lsec@linux-consulting.com send email with "subscribe lsec" in the body. The online collaboration board "Lsectwiki" is at emu.kanga.nu The temporary web site is at www.Linux-Consulting.com/lsec. ==== Date: Thu, 2 Nov 2000 17:18:01 -0800 To: svlug@lists.svlug.org Subject: Re: [svlug] Security mailing list and discussion board From: Rick Moen <rick@linuxmafia.com> Which reminds me: Ever notice what an awful lot you can learn about a site's security, and its potentially vulnerable software, just by what its daemon software blabs to the world at large? E.g.: telnet uncle-enzo.linuxmafia.com 80 Trying 209.81.22.250... Connected to uncle-enzo.linuxmafia.com. Escape character is '^]'. GET / HTTP/1.0 HTTP/1.1 200 OK Date: Fri, 03 Nov 2000 01:03:51 GMT Server: Apache/1.3.9 (Unix) Debian/GNU PHP/3.0.17-dev AuthMySQL/2.20 Last-Modified: Fri, 02 Jun 2000 02:19:01 GMT ETag: "2ca002-d62-39371995" Accept-Ranges: bytes Content-Length: 3426 Connection: close Content-Type: text/html [...] It strikes me that a minimal amount of security-through-obscurity in the form of recompiling or configuring one's daemons to make them less chatty is probably wise. === To: Rick Moen <rick@linuxmafia.com> Subject: Re: [svlug] Security mailing list and discussion board Date: Thu, 02 Nov 2000 19:26:59 -0800 From: J C Lawrence <claw@kanga.nu> On Thu, 2 Nov 2000 17:18:01 -0800 Rick Moen <rick@linuxmafia.com> wrote: > It strikes me that a minimal amount of security-through-obscurity > in the form of recompiling or configuring one's daemons to make > them less chatty is probably wise. While true, I'm not sure that the returns on the extra time spent building and packaging (which can be non-trivial for complex build environment packages) would be worth it. === Date: Fri, 3 Nov 2000 00:21:32 -0500 From: Bill Jonas <bill@billjonas.com> To: svlug@lists.svlug.org Cc: Darxus <Darxus@ChaosReigns.com> Subject: Re: [svlug] Security mailing list and discussion board On Thu, Nov 02, 2000 at 07:26:59PM -0800, J C Lawrence wrote: > While true, I'm not sure that the returns on the extra time spent > building and packaging (which can be non-trivial for complex build > environment packages) would be worth it. A friend of mine simply edited his binaries (after making a backup copy, of course). A hexeditor would be optimal, I suppose, but he used vim with no dire consequences. He simply deleted the version string, but you can also just move the NUL character to before the version string in case you want to save it. $ nc www.chaosreigns.com 80 GET / HTTP/1.0 HTTP/1.1 200 OK Date: Fri, 03 Nov 2000 05:01:39 GMT Server: Apache Last-Modified: Tue, 31 Oct 2000 20:51:02 GMT ... $ nc www.chaosreigns.com 22 SSH-1.99-unknown Of course, this may not be the "right" way to do it (as I'm sure some of you will tell me), but he's done this for several months now and had no complaints that I've heard of. (Small plug (he's a close friend): he's got a few small free software packages of his own creation at <http://www.ChaosReigns.com/code/>.) ===