[Openvas-discuss] Not scanning machines which don't respond to pings

Reindl Harald h.reindl at thelounge.net
Sat Aug 11 14:42:47 CEST 2012



On 11.08.2012 14:17, Michael Meyer wrote:
>> "Security By Obscurity" is not a good security
>> but it is a damned good ADDITIONAL security for still hardened machines
> 
> No. It implies no safety gain

you are really trying to explain to me that there is no difference between
hiding what webserver type you are running and blowing out

Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze6 with Suhosin-Patch mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.16 OpenSSL/0.9.8o
X-Powered-By: PHP/5.3.3-7+squeeze6

with each single response?


this is nonsense!

automated attacks are searching for vulnerable systems all day long
and they do not try all theoretical exploits on every machine as long
as the host does not spit out its configuration and there are millions
of others with a hint to exactly matching exploits

_______________


the same, for example, for phpMyAdmin

all day long robots try to find phpMyAdmin setups at standard
locations and after they have found one on your machine they will
try to exploit it - if your URL is not in their lists you have
far fewer intrusion attempts, and yes this can make a difference
if there is a known vulnerability, if someone finds your setup
automatically today while you update your software tomorrow

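Added example, not part of the original post: a small Python check an administrator can run over their own server's response headers to list every product/version pair the banners give away. The function name and the trimmed-down second sample are assumptions made for illustration; the first sample is the header pair quoted in the message above.

```python
import re

# Response headers that commonly carry software banners.
BANNER_HEADERS = ("server", "x-powered-by")

# A product token that includes a version, e.g. "Apache/2.2.16".
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.+~-]*)")

def disclosed_versions(raw_headers):
    """Return (header, product, version) for each versioned banner token."""
    findings = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in BANNER_HEADERS:
            continue  # status line, blank line or a non-banner header
        # Parenthesised comments such as "(Debian)" carry no version token.
        value = re.sub(r"\([^)]*\)", " ", value)
        for product, version in PRODUCT_VERSION.findall(value):
            findings.append((name.strip(), product, version))
    return findings

# Sample 1: the headers quoted in the message.
VERBOSE = (
    "HTTP/1.1 200 OK\n"
    "Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze6 with Suhosin-Patch "
    "mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.16 OpenSSL/0.9.8o\n"
    "X-Powered-By: PHP/5.3.3-7+squeeze6\n"
)

# Sample 2 (constructed): what the same host sends with Apache's
# "ServerTokens Prod" and PHP's "expose_php = Off" in place.
MINIMAL = (
    "HTTP/1.1 200 OK\n"
    "Server: Apache\n"
)

if __name__ == "__main__":
    for label, sample in (("verbose", VERBOSE), ("minimal", MINIMAL)):
        hits = disclosed_versions(sample)
        print(f"{label}: {len(hits)} versioned token(s) disclosed")
        for header, product, version in hits:
            print(f"  {header}: {product} {version}")
```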