Once upon a time, Reindl Harald <h.reindl@xxxxxxxxxxxxx> said: > no, one keys of security is to provide as less informations as > absolutely necessary, not only for sshd, for every single > service That's a key for a false sense of security. > in the best case no single foreign person has an idea > what software you are currently running, not what OS > nor what service-software and at least no exact version Then go ahead cut the power cord. Things such as TCP fingerprinting will always work (because no two IP stacks are identical). Connecting to a service will often be able to identify it because no two programs implement standards the same way. If you think you need that level of security, you need to run a full application-level proxy in front of every server, and then watch it break regularly (because they never get all the application filtering correct). Then wait for the security holes in the proxy. -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
