Re: [Exim] hiding software type & version

Author: Tabor J. Wells
Date:  
To: Timothy Arnold
CC: exim-users
Subject: Re: [Exim] hiding software type & version
On Mon, Dec 23, 2002 at 12:57:35PM -0000,
Timothy Arnold <timothy.arnold@???> is thought to have said:

> We use a company called NTA Monitor.
>
> This was only a 'Low' warning, but I still think, for the sake of one line
> in a configuration file, it is a very good thing to do. Why should we give them
> any more information than we need to?


Because fundamentally you haven't done *anything* to secure your site. They
still have all the information they need to determine that you're running
Exim. It is almost always trivial to determine what an MTA is based on how they
respond to other SMTP commands like EHLO, MAIL FROM, RCPT TO, or the response
at the end of DATA showing the queue id of the submitted message.

If you're really going to try and hide what MTA you're running you're going
to have to do a lot of code edits to make every possible response in the SMTP
session look like something else.

And frankly if you're going to go to that trouble, you're probably going to
introduce more bugs than anything else. You certainly won't have secured
your site in any way. You'll do more to secure your site by tracking lists
like bugtraq and reading the changelogs of updates to the various software
packages which you make publicly accessible.

Tabor

--
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality
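
The point made in the reply above, as an added example that is not part of the original post: a small audit of a captured SMTP session from your own server, listing the replies that still match Exim's default wording after the banner has been rewritten. The transcript is constructed, and the reply patterns are assumptions based on stock Exim responses (6-6-2 message id format); a customised build may differ.

```python
import re

# Reply shapes assumed typical of a default Exim build, keyed by session stage.
EXIM_TELLS = {
    "BANNER": re.compile(r"\bExim\b"),
    "EHLO": re.compile(r"^250[- ]\S+ Hello \S+ \[[0-9a-fA-F.:]+\]"),
    "RCPT": re.compile(r"^250 Accepted\b"),
    "DATA": re.compile(r'^354 Enter message, ending with "\." on a line by itself'),
    "DATA-END": re.compile(r"^250 OK id=[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}\b"),
}

# Constructed session: the banner no longer names the software or version.
SAMPLE = """
S: 220 mail.example.test ESMTP
C: EHLO client.example.test
S: 250-mail.example.test Hello client.example.test [192.0.2.10]
S: 250 HELP
C: MAIL FROM:<a@example.test>
S: 250 OK
C: RCPT TO:<b@example.test>
S: 250 Accepted
C: DATA
S: 354 Enter message, ending with "." on a line by itself
C: Subject: test
C: .
S: 250 OK id=18QT2b-0004Xk-00
"""

def audit_transcript(transcript):
    """Return (stage, reply) pairs whose wording still matches Exim defaults."""
    findings, stage, in_data = [], "BANNER", False
    for raw in transcript.strip().splitlines():
        side, _, text = raw.strip().partition(": ")
        if side == "C":
            if in_data:                      # message body: only "." matters
                if text == ".":
                    stage, in_data = "DATA-END", False
                continue
            stage = text.split()[0].upper()  # EHLO, MAIL, RCPT, DATA, ...
        elif side == "S":
            if stage == "DATA" and text.startswith("354"):
                in_data = True
            pattern = EXIM_TELLS.get(stage)
            if pattern and pattern.search(text):
                findings.append((stage, text))
    return findings

if __name__ == "__main__":
    for stage, reply in audit_transcript(SAMPLE):
        print(f"{stage:8} still identifies the MTA: {reply}")
```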