vxp at digital-security.org
Sat Sep 4 12:03:54 PDT 2004
On Sat, 4 Sep 2004, Wesley Shields wrote:
> That is true, but the problem with these kinds of things is that users
> will think that with a simple flip of a sysctl they are secure, when in
> fact that are no more secure than before.
that's also 100% true, however that's why documentation exists. there's
even a security section within it..
we would probably want to add something like 'obscurity is great if it's
only _one of_ the components in your security setup, not _the only_
component'. they might get the point. =)
now, another question arises
i could always code a parser for nmap fingerprints file, but i don't think
that's a good idea to include something like that in the kernel.. what do
you think? hardcode a few OS fingerprint choices, and call it a day ?
in other words, what would you guys say be a _proper_ bsd-style thing to
do, if this were to be done?
More information about the freebsd-net