From: | Jan-Henrik Haukeland |
Subject: | Re: [Announce/Security Advisory] monit 4.1.1 released |
Date: | Tue, 25 Nov 2003 18:18:20 +0100 |
User-agent: | Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Reasonable Discussion, linux) |
>>I can understand this request and many web-servers offer a configure
>>switch to turn off the server version number reported in the server
>>header field and elsewhere. It's seldom used though because it is (at
>>best) "security through obscurity" and offers no protection at all.

Andreas Rust <address@hidden> writes:

> That's right and that's also what I had on my mind. :) However, it
> is in fact much faster finding a working exploit whenever you know
> details about versions. Whenever someone is going after a special
> service they start off by checking the version number.

Okay, the request is noted and will be part of a next release. See
item 4 in our project plan: http://www.tildeslash.com/monit/next.html

> I for my part put in iptable rules

That is a smart thing to do. When possible everyone should filter out
access to monit from the outside at least from not known hosts.

--
Jan-Henrik Haukeland