security_disscussion_groups_and_strategies

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



Date: Thu, 2 Nov 2000 16:07:55 -0800 (PST)
From: Bobby Wen <Bobby.Wen@Eng.Sun.COM>
To: svlug@lists.svlug.org
Subject: [svlug] Security mailing list and discussion board

Hi 

Some people requested that lsec post the address of our mailing list and
web sites after the SVLUG meeting.

Lsec is a special interest group in server security.


The lsec mailing list is
	lsec@linux-consulting.com

Send email with "subscribe lsec" in the body.

The online collaboration board "Lsectwiki" is at 
	emu.kanga.nu

The temporary web site is at 
	www.Linux-Consulting.com/lsec.

====

Date: Thu, 2 Nov 2000 17:18:01 -0800
To: svlug@lists.svlug.org
Subject: Re: [svlug] Security mailing list and discussion board
From: Rick Moen <rick@linuxmafia.com>

Which reminds me:  Ever notice what an awful lot you can learn about a 
site's security, and its potentially vulnerable software, just by what 
its daemon software blabs to the world at large?  E.g.:
 

telnet uncle-enzo.linuxmafia.com 80
Trying 209.81.22.250...
Connected to uncle-enzo.linuxmafia.com.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 03 Nov 2000 01:03:51 GMT
Server: Apache/1.3.9 (Unix) Debian/GNU PHP/3.0.17-dev AuthMySQL/2.20
Last-Modified: Fri, 02 Jun 2000 02:19:01 GMT
ETag: "2ca002-d62-39371995"
Accept-Ranges: bytes
Content-Length: 3426
Connection: close
Content-Type: text/html
[...]


It strikes me that a minimal amount of security-through-obscurity in
the form of recompiling or configuring one's daemons to make them less
chatty is probably wise.

===

To: Rick Moen <rick@linuxmafia.com>
Subject: Re: [svlug] Security mailing list and discussion board 
Date: Thu, 02 Nov 2000 19:26:59 -0800
From: J C Lawrence <claw@kanga.nu>

On Thu, 2 Nov 2000 17:18:01 -0800 
Rick Moen <rick@linuxmafia.com> wrote:

> It strikes me that a minimal amount of security-through-obscurity
> in the form of recompiling or configuring one's daemons to make
> them less chatty is probably wise.

While true, I'm not sure that the returns on the extra time spent
building and packaging (which can be non-trivial for complex build
environment packages) would be worth it.

===

Date: Fri, 3 Nov 2000 00:21:32 -0500
From: Bill Jonas <bill@billjonas.com>
To: svlug@lists.svlug.org
Cc: Darxus <Darxus@ChaosReigns.com>
Subject: Re: [svlug] Security mailing list and discussion board

On Thu, Nov 02, 2000 at 07:26:59PM -0800, J C Lawrence wrote:
> While true, I'm not sure that the returns on the extra time spent
> building and packaging (which can be non-trivial for complex build
> environment packages) would be worth it.

A friend of mine simply edited his binaries (after making a backup copy, of
course).  A hex editor would be optimal, I suppose, but he used vim with no
dire consequences.  He simply deleted the version string, but you can also
just move the NUL character to before the version string in case you want
to save it.

$ nc www.chaosreigns.com 80
GET / HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 03 Nov 2000 05:01:39 GMT
Server: Apache
Last-Modified: Tue, 31 Oct 2000 20:51:02 GMT
...
$ nc www.chaosreigns.com 22
SSH-1.99-unknown

Of course, this may not be the "right" way to do it (as I'm sure some of
you will tell me), but he's done this for several months now and had no
complaints that I've heard of.  (Small plug (he's a close friend): he's got
a few small free software packages of his own creation at
<http://www.ChaosReigns.com/code/>.)


===
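
The banner comparison made in the thread above can be turned into a check that an administrator runs over banners captured from their own daemons. This is an added example, not code from any poster in the thread; the function names and the last sample banner are assumptions made for illustration.

```python
import re

COMMENT = re.compile(r"\(([^)]*)\)")           # e.g. "(Unix)" in a Server header
SSH_ID = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")  # SSH-<protocol>-<software>

def has_digit(text):
    return any(ch.isdigit() for ch in text)

def audit_http_server(line):
    """Split a Server: header into versioned products and platform hints."""
    name, _, value = line.partition(":")
    if name.strip().lower() != "server":
        raise ValueError("not a Server header: %r" % line)
    found = {"versions": [], "hints": COMMENT.findall(value)}
    for token in COMMENT.sub(" ", value).split():
        detail = token.partition("/")[2]
        if has_digit(detail):
            found["versions"].append(token)   # product/version, e.g. Apache/1.3.9
        elif detail:
            found["hints"].append(token)      # product/word, e.g. Debian/GNU
    return found

def audit_ssh_ident(line):
    """Inspect an SSH identification string. The protocol field is mandatory
    and is not counted as a disclosure; only the software field is checked."""
    match = SSH_ID.match(line)
    if not match:
        raise ValueError("not an SSH identification string: %r" % line)
    software, trailing = match.group(2), line[match.end():].strip()
    found = {"versions": [], "hints": [trailing] if trailing else []}
    if has_digit(software):
        found["versions"].append(software)
    return found

def audit(line):
    line = line.strip()
    return audit_ssh_ident(line) if line.startswith("SSH-") else audit_http_server(line)

# The first three banners are the ones quoted in the thread; the last is constructed.
SAMPLES = [
    "Server: Apache/1.3.9 (Unix) Debian/GNU PHP/3.0.17-dev AuthMySQL/2.20",
    "Server: Apache",
    "SSH-1.99-unknown",
    "SSH-2.0-ExampleSSHD_1.2.3 build-host",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        found = audit(banner)
        verdict = "chatty" if found["versions"] or found["hints"] else "quiet"
        print("%-6s %s -> %s" % (verdict, banner, found))
```

For Apache, the ServerTokens directive is the configuration-side way to shorten the Server header without rebuilding or editing the binary.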



doom@kzsu.stanford.edu