(no subject)

Christopher James Coleman ug97cjc at cs.bham.ac.uk
Fri Mar 5 17:11:46 PST 2004


On Fri, 5 Mar 2004 ken_i_m at elegantinnovations.net wrote:

> On Fri, Mar 05, 2004 at 09:32:54PM +0000, Christopher James Coleman
> (ug97cjc at cs.bham.ac.uk) wrote:
>
> Since you are an admitted non-authority then this is really just a matter
> of personal preference.  As such I prefer proftpd.  However, since you
> have "read through the code" does vsftpd support ftp over tls?

Not as far as I remember. However: I am talking about security from a
standpoint of the code quality, you are talking about security from a
standpoint of encrypted channels.

> > > OpenSSH changed version to "SSH_3.2.3"
> >
> > This may `trick' people into thinking you are running a version.
>
> About the only time suppressing a daemon's banner really matters is
> during a "vulnerability window".  Since you are applying the patch
> within minutes it is a moot point. :-)
>
> The other reason I have come to this opinion is that a friend's
> hobby is fingerprinting daemons.  He is rather good at it.

Sorry, the point I was making here was not related to spoofing banners in
general, but related directly to SSH. Which, speaking only from OpenSSH,
uses banners in order to do what I stated in my previous post. I was
stating that that measure may trick some people (and it may), but it may
also cause interoperability issues in SSH.

In general, banner spoofing is pointless - due, as you rightly said, to
the way that many attacks occur without any prior checking.

- chris
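
The interoperability concern above, as an added example that is not part of the original post: RFC 4253 section 4.2 defines the identification string each SSH side sends first, and a peer may key compatibility handling off its software-version field. The sample banners, the `OpenSSH_3.7.1p2` version and the `COMPAT_PROFILES` table are constructed for illustration and are not OpenSSH's own data.

```python
import re
from fnmatch import fnmatchcase

# RFC 4253 section 4.2 identification string:
#   SSH-protoversion-softwareversion SP comments CR LF
IDENT_RE = re.compile(
    r"SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>[\x20-\x7e]*))?"
)
MAX_IDENT_LEN = 255  # includes the trailing CR LF

# Hypothetical peer-side table (constructed for this example, not OpenSSH's
# real one): software-version pattern -> compatibility profile to apply.
COMPAT_PROFILES = [
    ("OpenSSH_2.*", "openssh-2.x-workarounds"),
    ("OpenSSH*", "openssh-current"),
]

def parse_ident(raw: bytes) -> dict:
    """Parse one identification line; raise ValueError if malformed."""
    if len(raw) > MAX_IDENT_LEN:
        raise ValueError("identification string longer than 255 bytes")
    if not raw.endswith(b"\r\n"):
        raise ValueError("identification string must end with CR LF")
    try:
        text = raw[:-2].decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII bytes in identification string") from None
    m = IDENT_RE.fullmatch(text)
    if m is None:
        raise ValueError("not of the form SSH-protoversion-softwareversion")
    return m.groupdict()

def compat_profile(software: str) -> str:
    """Return the first matching profile, or 'unknown' if nothing matches."""
    for pattern, profile in COMPAT_PROFILES:
        if fnmatchcase(software, pattern):
            return profile
    return "unknown"

def describe(raw: bytes) -> str:
    """Summarise how a peer using the table above would treat this banner."""
    try:
        ident = parse_ident(raw)
    except ValueError as exc:
        return f"rejected: {exc}"
    return f"proto={ident['proto']} profile={compat_profile(ident['software'])}"

# Constructed sample banners: stock, rewritten software field, bare string.
SAMPLES = [b"SSH-2.0-OpenSSH_3.7.1p2\r\n", b"SSH-2.0-SSH_3.2.3\r\n", b"SSH_3.2.3\r\n"]
```

A rewritten software field still parses but falls through to the `unknown` profile, while a banner that drops the `SSH-protoversion-` prefix is rejected before key exchange starts.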


