(Ovid - Security from Obscurity) RE(2): Echo off in IO::Sockets

I remember when I originally read this thread that I definitely agreed with those who felt you were trying to develop a cracking tool. They felt, on that basis, that it would be improper to answer your question.

I can see from what you have written that you have stated a somewhat legitimate reason for your qustion, but I still feel that it would be improper to answer your question (to be fair, I haven't used IO::Sockets, so I couldn't answer the question even if I wanted to).

Basically, what you are asking is for help creating security by obscurity. This is arguably the worst method of creating security. If, for some reason, a cracker wanted to take a run at your box, do you really believe that sending out signals suggesting your box is 3 different OSs is really going to fool anyone? If you have a moderately secure box, it might fool the casual user, but that's about it.

Learn how to tighten down your box properly and you won't have to worry about useless tricks like this.

Cheers,
Ovid

Comment on (Ovid - Security from Obscurity) RE(2): Echo off in IO::Sockets

Replies are listed 'Best First'.
RE: (Ovid - Security from Obscurity) RE(2): Echo off in IO::Sockets by mischief (Hermit) on Sep 04, 2000 at 04:11 UTC
> I still feel that it would be improper to answer your question Personally, I think that at least in this case it would be much better to answer with an alternate solution to the problem rather than just not answering it because you feel that the questioner is asking the wrong question. Sometimes I spend ages figuring a particular problem out, only to find out later that what I've spent the last 4 hours scratching my head over is not what I'm looking for at all. That doesn't mean I've wasted the last hour; I'm still learning and every problem I solve is something learnt.	[reply]
RE (tilly) 2: (Ovid - Security from Obscurity) RE(2): Echo off in IO::Sockets by tilly (Archbishop) on Sep 04, 2000 at 05:56 UTC
Ovid did propose an alternate solution. He said to learn how to lock the box down properly and then don't bother with the fake telnet client. I second that and if the Linux box is Red Hat or a Red Hat derivative I can specifically recommend downloading and trying out Bastille Linux (a series of scripts to walk you through locking your own box down) to both improve your security and teach you what some of the issues are. (Alternately look at OpenBSD.)	[reply]