Christopher James Coleman
ug97cjc at cs.bham.ac.uk
Fri Mar 5 17:11:46 PST 2004
On Fri, 5 Mar 2004 ken_i_m at elegantinnovations.net wrote:
> On Fri, Mar 05, 2004 at 09:32:54PM +0000, Christopher James Coleman
> (ug97cjc at cs.bham.ac.uk) wrote:
> Since you are an admitted non-authority then this is really just a matter
> of personal preference. As such I prefer proftpd. However, since you
> have "read through the code" does vsftpd support ftp over tls?
Not as far as I remember. However: I am talking about security from a
standpoint of the code quality, you are talking about security from a
standpoint of encrypted channels.
> > > OpenSSH changed version to "SSH_3.2.3"
> > This may `trick' people into thinking you are running a version.
> About the only time suppressing a daemon's banner really matters is
> during a "vulnerability window". Since you are applying the patch
> within minutes it is a moot point. :-)
> The other reason I have come to this opinion is that a friend's
> hobby is fingerprinting daemons. He is rather good at it.
Sorry, the point I was making here was not related to spoofing banners in
general, but related directly to SSH. Which, speaking only from OpenSSH,
uses banners in order to do what I stated in my previous post. I was
stating that that measure may trick some people (and it may), but it may
also cause interoperability issues in SSH.
In general, banner spoofing is pointless - due, as you rightly said, to
the way that many attacks occur without any prior checking.