[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Mysql, Openssh-Headers



On Friday 20 February 2004 16:04, Kai Pfeiffer wrote:
> Hello list,
>
> according to Stefans question to the topic "apache Header" I have the same
> question for Mysql and Openssh. Is it possible to keep them more quiet if
> my box is scanned by eg. nmap.I use rpm's from suse.

Hm. Openssh version changing sounds impossible to me; because the handshake 
includes various version and protocol- babble (see 'ssh -v ...') I doubt you 
could "just change" things; then the handshake is liable to fail somewhere.

On the subject of mysql, you should seriously consider NOT opening the mysql 
port at all. And if you really must insist, firewall it off then for all but 
the handful of hosts that need that access. 
And thus, you won't need any version-tweaking anymore.

In general, as said by others, hiding or changing the versions don't get you 
much.  It's analogous to filing off the brand of the lock on your front door.
It won't help you; firstly because most lock-picking sets will work on it 
anyhow, and secondly, a real pro knows at one glance what brand, type and 
make of lock you have without even needing any brand on it.

Greetings
Maarten 

> Thanks
>
> Kai Pfeiffer

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here