OT: Sendmail

Raymond Dijkxhoorn raymond at PROLOCATION.NET
Fri Sep 19 00:05:09 IST 2003


Res,

> > This implies a security risk, with version scanners. Admins on the box
> > can do a rpm -q sendmail ...

> Most scanners that use versions are braindead and should NEVER be used in
> the first place, for instance Nessus reckons mine's insecure, it reckons
> mine's open to VRFY, but it certainly is not, those things are only
> guesses.

I also do CERT work, and seriously, if you list versions, no matter how
stupid you think it is, it will attract hackers. They do a map on a
complete network and pick out scripted the things they need. If you for
example leave out your Apache identifier a lot of hackers just leave it
alone. It's perhaps a braindead braindead hacker, but a lot of them do.
There are plenty of easy targets out there....

So sure, tools generate perhaps false positives, but they still do.

The number of SSH scans going on currently is very high, and they only
collect version numbers most of the time, so if an exploit comes out they
can fire that on their collected list... I'd rather not be in the list.

Perhaps it's braindead, and gives false positives but it's a good start ...
for hackers...

Bye,
Raymond.


