<div dir="ltr"><div>This bruteforce approach required even more resources than intelligent one. I mean resources required for creating attacking network. First of all someone should write this bot, debug(!) it, then apply it to controlled botnet, that should be created before attack. That isn't so simple IMO.</div>
<div>And even scanning of IP for non-standard port numbers can be detected by target system with appropriate action.<br></div><div style><br></div><div style>Dmitry.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
2013/6/23 Steven Ayre <span dir="ltr"><<a href="mailto:steveayre@gmail.com" target="_blank">steveayre@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Except the approach of a bot trying known exploits is automated. It doesn't take any effort of the hacker's time. It's not on his machine so doesn't even use his resources (time/CPU/bandwidth). It doesn't even need to check what software is running, simply trying everything in the book is sufficient. And that could be done in a couple of minutes.<div>
<br></div><div>-Steve</div><div class="HOEnZb"><div class="h5"><div><br></div><div><br><br><div class="gmail_quote">On 23 June 2013 15:45, Dmitry Lysenko <span dir="ltr"><<a href="mailto:dvl36.ripe.nick@gmail.com" target="_blank">dvl36.ripe.nick@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The more work should be done by hacker, the more secure system is.<div>So, "security by obscurity" is working, not so good, but thousands of years.<br>
</div></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">
2013/6/21 Steven Ayre <span dir="ltr"><<a href="mailto:steveayre@gmail.com" target="_blank">steveayre@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">2) </span><u style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">Security trough obscurity != security</u><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif"> its always better than nothing. " hey you don't need to guess the <br>
</span><span style="color:rgb(34,34,34);font-size:13px;font-family:arial,sans-serif">the software I'm using , I'm giving the info for free just find an entry point and you got it ...."</span></blockquote>
<div><br></div></div><div>Actually I'd argue the opposite. Security through obscurity often makes people assume they're secure and therefore neglect securing their systems in the places that actually matter.</div>
<div>
<br>
</div><div>The only argument I can really see of hiding that you're running $version of $product is that an bug in that $version means an exploit exists.</div><div><br></div><div>If that's the case then you need to upgrade to a patched copy of $product - you can NOT rely on the fact that people will not realise that they can use the exploit because you're hiding what you're running.</div>
<div><br></div><div>The flaw still exists and attackers might either a) guess you're using $product and try the exploit anyway or b) have their bot just randomly try every exploit in the book against you until one works in which case they don't even need to know you're using $product.</div>
<div><br></div><div>The things that matte are actually verifying your authentication is working correctly, you're running the latest software, you're following software updates / security announcements, etc.</div>
<div><br></div><div>Besides even when $product/$version are hidden they can often be found through fingerprinting by looking at differing behaviour between different products and within a product between versions.</div><div>
<br></div><div>-Steve</div><div><div><div><br></div><div><br></div><div><br></div><div><br><div class="gmail_quote">On 21 June 2013 07:59, Antonio Teixeira <span dir="ltr"><<a href="mailto:eagle.antonio@gmail.com" target="_blank">eagle.antonio@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>@Ken<br>
I think we need to drop into the real world...<br>
<br>
1) Ok .,... Don't forget to say thanks to Debian , CentOs , Fedora
, PHP , Python , Microsoft , all the authors of the OpenSource
Libs , the creator of Make , the creator of the IDE that the Dev
team uses , etc etc when you deliver the next project to your
client ...<br>
<br>
2)<br>
<u>Security trough obscurity != security</u> its always better
than nothing. " hey you don't need to guess the <br>
the software I'm using , I'm giving the info for free just find an
entry point and you got it ...."<br>
<br>
I could also imagine you agree with showing the version of the
software in the HTPP headers (stuff that happens on some
webservers/libs ( from my ming i can recall Django?!).<br>
<br>
3)<br>
The clients pays it doesn't really care about what software you
use ( unless he fears some patent infringement) he wants results.<br>
<br>
4)<br>
No , Compliance could be internal or external the end-client could
simply say "i don't want the freeswitch brand".<br>
<br>
<br>
---- ///// ----<br>
@all<br>
I don't know you guys but my daily work is developing software for
some fairly large financial institutions and sincerely i think you
are all over reacting to this thing.<br>
Yes if you open-source something you will get part of your
software stolen , changed or use in a way you were not expecting
and not given credit for , that's life .If you don't want it ,
close the source , resell it , ask for NDA's , etc.<br>
In my daily work me and my collegues use alot of open source (
contrary to the popular belief) , closed source and everything in
between and you don't expect a public statement thanking anyone
for anything.<br>
<br>
This is the way life works and with open-source this is our
current world ( i think the FS Team could even offer a fully
custom branded solution) so it could help monetize the project.<br>
<br>
And before you start thinking yes i bought G729 licenses , the FS
Book even before it was out and no to many miles between me and
Gluecon , yes i know airplanes exist :D.<br>
<br>
P.S - I Also assume that you all as sysadmins once found a problem
that a blogger may have solved and on your final report to the
administration you didn't wrote " problem solved by Blogger
XXXXXX"....<br>
<br>
And never forget he is just the mailman sometimes the boss wants
something ( even if not morally correct ) and you have to do it. <br>
But the point raised by Anthony regarding the SDP "freeswitch
flag" is important and you be featured on the wiki :)<span><font color="#888888"><br>
<br>
Antonio Teixeira</font></span><div><div><br>
<br>
<br>
On 6/19/13 3:49 PM, Ken Rice wrote:<br>
</div></div></div><div><div>
<blockquote type="cite">
<pre>Ok... Lets look at these...
Branding... I don't want to show people that I'm using F/OSS software for
running my for profit business so I can tell them I'm using either
${some_comercial_platform} or ${we_developed_this_ourselves}
Security/Security Requirements - Security throught obscurity != security...
Client Requirements - That's a new one one... Unless client is <see
branding>
Compliance - isnt this the same thing as see security
On 6/19/13 8:44 AM, "Antonio Teixeira" <a href="mailto:eagle.antonio@gmail.com" target="_blank"><eagle.antonio@gmail.com></a> wrote:
</pre>
<blockquote type="cite">
<pre>I could think off
Branding
Security
Client Requirements
Security Requirements
Compliance
On 6/19/13 2:37 PM, Michael Jerris wrote:
</pre>
<blockquote type="cite">
<pre>Why would you want to do that?
On Jun 19, 2013, at 9:28 AM, Abdullah <a href="mailto:abdullah@smonte.com" target="_blank"><abdullah@smonte.com></a> wrote:
</pre>
<blockquote type="cite">
<pre>HI ALL ,
please help me ,how to change or remove o=*"FreeSWITCH"* in free switch Cli
Log .
any idea ??
o=FreeSWITCH 1369449071 1369449072 IN IP4 10.10.50.1
s=FreeSWITCH
c=IN IP4 10.10.50.1
</pre>
</blockquote>
<pre>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
</pre>
</blockquote>
<pre>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a>
Official FreeSWITCH Sites
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
</pre>
</blockquote>
</blockquote>
<br>
</div></div></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>