Security

Discussion in 'ASP General' started by Inz Akure, Nov 11, 2003.

  1. Inz Akure

    Inz Akure Guest

    Why not spoof your machine so it appears to be a linux box or ?? You could
    maybe run a linux based proxy, switch your ASP extensions to PHP through
    IIS, create custom error pages to appear to be from a different OS etc.

    Could this cause a hacker to run in circles?
     
    Inz Akure, Nov 11, 2003
    #1
    1. Advertising

  2. Security through obscurity is not security at all. IMHO.

    While that might make an amateur hacker "run in circles" for a few minutes
    at best, it causes more confusion in managing your configuration and
    educating everyone about how it really works, than it ever will to an
    accomplished person trying to compromise your system. A good firewall and
    sound security practices will do far more for security than trying to pull
    two strands of wool over my eyes.





    > Why not spoof your machine so it appears to be a linux box or ?? You could
    > maybe run a linux based proxy, switch your ASP extensions to PHP through
    > IIS, create custom error pages to appear to be from a different OS etc.
    >
    > Could this cause a hacker to run in circles?
     
    Aaron Bertrand [MVP], Nov 11, 2003
    #2
    1. Advertising

  3. Inz Akure

    Inz Akure Guest

    Over your eyes? Uh oh...

    It was just a silly idea I thought I'd throw out there.

    How would be able to discern my system is infact a Windows machine as
    opposed to the proxy you'd be interfacing with?

    Just curious





    "Aaron Bertrand [MVP]" <> wrote in message
    news:%...
    > Security through obscurity is not security at all. IMHO.
    >
    > While that might make an amateur hacker "run in circles" for a few minutes
    > at best, it causes more confusion in managing your configuration and
    > educating everyone about how it really works, than it ever will to an
    > accomplished person trying to compromise your system. A good firewall and
    > sound security practices will do far more for security than trying to pull
    > two strands of wool over my eyes.
    >
    >
    >
    >
    >
    > > Why not spoof your machine so it appears to be a linux box or ?? You

    could
    > > maybe run a linux based proxy, switch your ASP extensions to PHP through
    > > IIS, create custom error pages to appear to be from a different OS etc.
    > >
    > > Could this cause a hacker to run in circles?

    >
    >
     
    Inz Akure, Nov 11, 2003
    #3
  4. Inz Akure

    Ray at Guest

    The quick test, go to yourdomain.com/page.php and then go to
    yourdomain.com/pAgE.php, and then go to yourdomain.com/PaGe.pHP, etc.

    Ray at home

    "Inz Akure" <> wrote in message
    news:...
    >
    >
    > Over your eyes? Uh oh...
    >
    > It was just a silly idea I thought I'd throw out there.
    >
    > How would be able to discern my system is infact a Windows machine as
    > opposed to the proxy you'd be interfacing with?
    >
    > Just curious
    >
    >
    >
    >
    >
    > "Aaron Bertrand [MVP]" <> wrote in message
    > news:%...
    > > Security through obscurity is not security at all. IMHO.
    > >
    > > While that might make an amateur hacker "run in circles" for a few

    minutes
    > > at best, it causes more confusion in managing your configuration and
    > > educating everyone about how it really works, than it ever will to an
    > > accomplished person trying to compromise your system. A good firewall

    and
    > > sound security practices will do far more for security than trying to

    pull
    > > two strands of wool over my eyes.
    > >
    > >
    > >
    > >
    > >
    > > > Why not spoof your machine so it appears to be a linux box or ?? You

    > could
    > > > maybe run a linux based proxy, switch your ASP extensions to PHP

    through
    > > > IIS, create custom error pages to appear to be from a different OS

    etc.
    > > >
    > > > Could this cause a hacker to run in circles?

    > >
    > >

    >
    >
     
    Ray at, Nov 11, 2003
    #4
  5. Inz Akure

    Jeff Cochran Guest

    On Mon, 10 Nov 2003 22:29:53 -0800, "Inz Akure"
    <> wrote:

    >
    >
    >Over your eyes? Uh oh...
    >
    >It was just a silly idea I thought I'd throw out there.
    >
    >How would be able to discern my system is infact a Windows machine as
    >opposed to the proxy you'd be interfacing with?


    The real point is, why would I care what the box was? I can run
    scripts against hundreds of boxes in the time it takes me to figure
    out what you're running. And no matter what your system reports it's
    running, if it has an IIS or ASP or SQL vulnerability, my script will
    hit it. If not, my script will move on to the next box in line.

    Jeff


    >"Aaron Bertrand [MVP]" <> wrote in message
    >news:%...
    >> Security through obscurity is not security at all. IMHO.
    >>
    >> While that might make an amateur hacker "run in circles" for a few minutes
    >> at best, it causes more confusion in managing your configuration and
    >> educating everyone about how it really works, than it ever will to an
    >> accomplished person trying to compromise your system. A good firewall and
    >> sound security practices will do far more for security than trying to pull
    >> two strands of wool over my eyes.
    >>
    >>
    >>
    >>
    >>
    >> > Why not spoof your machine so it appears to be a linux box or ?? You

    >could
    >> > maybe run a linux based proxy, switch your ASP extensions to PHP through
    >> > IIS, create custom error pages to appear to be from a different OS etc.
    >> >
    >> > Could this cause a hacker to run in circles?

    >>
    >>

    >
     
    Jeff Cochran, Nov 12, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Aaron
    Replies:
    1
    Views:
    389
    John C. Bollinger
    Aug 4, 2003
  2. Marco
    Replies:
    1
    Views:
    2,459
    Roedy Green
    Jan 28, 2006
  3. Akram Baig
    Replies:
    0
    Views:
    356
    Akram Baig
    Apr 7, 2011
  4. Dinis Cruz

    Asp.Net Security Analyser (new security tool by DDPlus)

    Dinis Cruz, Oct 8, 2003, in forum: ASP .Net Security
    Replies:
    2
    Views:
    175
    Dinis Cruz
    Oct 11, 2003
  5. Michael Randrup
    Replies:
    3
    Views:
    347
    Henning Krause [MVP]
    Mar 27, 2006
Loading...

Share This Page