Thread: A security Leakage??

  1. #1
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289

    A security Leakage??

    I was just trying to find out more about how to connect my phone on Linux on my ISP website... then I started using Google when I didn't see any results there... and I got this from Google's cache:

    http://72.14.235.104/search?q=cache:...n&ct=clnk&cd=1

    Later I tried to find out the OS on the official MAIN site. Nmap said that it might be a Windows system but it was not sure about it!! So isn't it a leakage in the security of the system, because it reveals such important info about the system??? I know it is a minimal amount of info but then it reveals it to even normal people who know what a Google cache is!!

    Thanks.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  2. #2
    Junior Member
    Join Date
    Sep 2005
    Posts
    17
    That's cache, that could be history. And moreover I don't think that is a web server generated error or something.
    It could be a Windows 2000 box asked to echo "windows 2003",
    although I don't believe airtel would do that.

  3. #3
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    And hey.... that website has been removed... it no longer exists... I tried to open it through many ways but it won't open. It is deleted!! So I don't care about that.

  4. #4
    Junior Member rock_bill's Avatar
    Join Date
    Jul 2006
    Posts
    20
    that website has been removed
    Well Jockey, I too was trying on that but finally I agree with webDEViL, it is cache.........

  5. #5
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    hmmm... rock... I know it's cache... and ONLY cache. What I wanted to tell is that... if someone does something like that in real life... what could be the consequences... I mean displaying the OS along with version in case of errors is a deadly mistake in configuration.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I mean displaying the OS along with version in case of errors is a deadly mistake in configuration.
    Why?

  7. #7
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Well it might happen that an attacker will be able to find out vulnerability in the system in case the system is set to hide its identity at other points by changing the daemon banners, error messages and the TTL value of course. In these cases, attackers usually get confused... but telling them the OS is of course a mistake.... and that too when it's WINDOWS..... eh!!??

    Anyway, to some extent it might not be that important because the system is of course gonna be protected at other points and well!!!!

    Thanks

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well, I can see what you are saying, but I tend to look at this subject from the bad guys' viewpoint

    If you look at most attacks these days, they are automatic or robotic. This is largely why "security through obscurity" seems to work to an extent. Its main drawback is that it is unpredictable and unreliable. If someone actually knows that there is a computer there they will be able to attack it. It is effective against trivial preliminary probing of a block of IP addresses, as these might well be legitimately not in use, so the bot moves on.

    Having decided to attack a particular IP address, the next step is to find out if there are any vulnerable services running for which the bad guy has an exploit. In the automated attack environment of today, the simplest method would be to run them and see what happens?

    If nothing happens, the bad guy will usually assume that the system has been secured in some way and will move on. He doesn't really care why the attack failed.

    We get a lot of wildlife films on UK television so I tend to use the analogy of the herd of antelope being attacked by a predator. The fast and the strong survive, and the weak and slow get killed and eaten. Well, there are a lot of "slow and weak antelope" connected to the internet, and that tends to dictate predators' tactics?

    Another point to consider, is the nature of the exploits and malware that have been discovered in the past few years. Most will run on any unpatched flavour of Windows from 9x upwards................ so the actual version is pretty irrelevant information to the attacker. What I am saying is that non-Windows systems and secured systems get attacked as much as vulnerable Windows ones, it is just that the attacks don't work on that platform or in that environment.

    Also remember that attacks can be directed at applications as well as operating systems..............

  9. #9
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Originally posted here by nihil
    Well, I can see what you are saying, but I tend to look at this subject from the bad guys' viewpoint

    If you look at most attacks these days, they are automatic or robotic. This is largely why "security through obscurity" seems to work to an extent. Its main drawback is that it is unpredictable and unreliable. If someone actually knows that there is a computer there they will be able to attack it. It is effective against trivial preliminary probing of a block of IP addresses, as these might well be legitimately not in use, so the bot moves on.

    Having decided to attack a particular IP address, the next step is to find out if there are any vulnerable services running for which the bad guy has an exploit. In the automated attack environment of today, the simplest method would be to run them and see what happens?

    If nothing happens, the bad guy will usually assume that the system has been secured in some way and will move on. He doesn't really care why the attack failed.

    We get a lot of wildlife films on UK television so I tend to use the analogy of the herd of antelope being attacked by a predator. The fast and the strong survive, and the weak and slow get killed and eaten. Well, there are a lot of "slow and weak antelope" connected to the internet, and that tends to dictate predators' tactics?

    Another point to consider, is the nature of the exploits and malware that have been discovered in the past few years. Most will run on any unpatched flavour of Windows from 9x upwards................ so the actual version is pretty irrelevant information to the attacker. What I am saying is that non-Windows systems and secured systems get attacked as much as vulnerable Windows ones, it is just that the attacks don't work on that platform or in that environment.

    Also remember that attacks can be directed at applications as well as operating systems..............
    So I have to disagree with you here (big surprise eh)...

    Revealing data on a system is a mistake... You don't want me to remotely know what operating system you're running.. You don't want me to remotely know what software you are running.. What version of BIND your DNS server is running or what version of postfix your mail server is running..

    That's why people change their apache and iis banners, take ServerMask for example. Sure it's security through obscurity... but it's enough to confuse automatic fingerprinting software.

    Sure... some attacks will just run the attacks and they'll work.. but there are others that will fingerprint (even if they run nmap -sV at an entire /24) and this can be enough to discourage them...

    There are times when programmers miswrite code and display too much info... It shouldn't happen... There's no reason that say DB2 for example should tell me the exact details of the installed database with any credentials... but it will...

    So while it may not be beneficial to hide the information... there's zero benefit to openly displaying the information.

    Peace,
    HT
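
An added example, not part of any post in this thread: a defender-side check for the banner and error-page disclosure discussed above, run against a response captured from your own server. The header list, the regular expressions and the sample responses are constructed assumptions, not taken from the site mentioned in the thread.

```python
import re

# Product token followed by a dotted version, e.g. "Apache/2.0.55", "Microsoft-IIS/6.0".
VERSIONED = re.compile(r"\b([A-Za-z][\w.+-]*)[/ ]v?(\d+(?:\.\d+)+)")
# OS names that tend to show up in banner comments and default error pages (assumed list).
OS_HINT = re.compile(
    r"\b(?:Windows(?: (?:NT|Server|2000|2003|XP))?|Win32|Win64|Ubuntu|Debian|CentOS|FreeBSD)\b",
    re.I)
# Response headers that commonly carry software identification (assumed list).
LEAKY_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "via"}

def scan(text):
    """Return the sorted product/version and OS strings found in a banner, header or body."""
    found = {f"{product} {version}" for product, version in VERSIONED.findall(text)}
    found |= set(OS_HINT.findall(text))
    return sorted(found)

def audit_http(raw):
    """Map each disclosing location (header name or 'body') to what it reveals."""
    head, _, body = raw.partition("\r\n\r\n")
    report = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in LEAKY_HEADERS and scan(value):
            report[name.strip()] = scan(value)
    if scan(body):                               # default error pages often repeat the banner
        report["body"] = scan(body)
    return report

# Constructed samples: a default-configured error response and a trimmed one.
VERBOSE = ("HTTP/1.1 500 Internal Server Error\r\n"
           "Server: Apache/2.0.55 (Win32) PHP/5.1.2\r\n"
           "X-Powered-By: PHP/5.1.2\r\n"
           "Content-Type: text/html\r\n\r\n"
           "<html><body><h1>Error</h1><address>Apache/2.0.55 (Win32) "
           "Server at www.example.test Port 80</address></body></html>")
HARDENED = ("HTTP/1.1 500 Internal Server Error\r\n"
            "Server: Apache\r\n"
            "Content-Type: text/html\r\n\r\n"
            "<html><body><h1>Something went wrong</h1></body></html>")

if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, audit_http(raw) or "no version or OS disclosure found")
    # scan() also works on non-HTTP greetings such as an SMTP banner.
    print(scan("220 mail.example.test ESMTP Postfix (Ubuntu)"))
```

An empty report only means the headers and error page no longer volunteer the information; it says nothing about what a service scan can still infer from behaviour.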

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    It is really a question of degrees, is it not?.................... after all, you can safely assume that 80% or more of computers on the net are running some flavour of Windows, and that this will be 98SE or later.

    You don't want me to remotely know what operating system you're running
    Windows 2000 Pro SP4, fully patched as of August 2006

    Does that help you?................not really

    What would potentially be of use would be what services and applications I am running?

    However, I still maintain that the majority of attacks these days are of a robotic nature, at least at their inception. Consequently, information on my OS is irrelevant, as it is never gathered. The bot only wants to know if the exploit works......................it really does not care why
