[Catalyst] Can you tell if a server is running Catalyst?

Brandon Black blblack at gmail.com
Thu May 18 19:45:47 CEST 2006


On 5/18/06, Wade.Stuart at fallon.com <Wade.Stuart at fallon.com> wrote:
> "Security though obscurity" (STO from now on) is the name describing the
> practice of lowering the amount of knowledge available to the attack
> vector.

"STO" can also be (maybe not by the official definition, but by mine
anyways) statistical obscurity of your machine/software/device.  For
instance, I run my Linux-based firewall box at home on an old
UltraSparc, rather than a faster and more convenient/easy x86.

I do this because the vast majority of the apache/ssh/etc attacks that
get spammed around the net randomly looking for vulnerabilities tend
to target x86 with their buffer overflow shellcode, and just won't
function correctly on an UltraSparc, even if they do manage to crash a
daemon or two.

By using a less-common peice of hardware, my resistance to random
attacks is considerably higher than average.  Doesn't do a thing to
alter my chances against a determined and targetted attack of course.
But the random attackers really don't care to waste the time detecting
and specializing for oddball platforms.

-- Brandon



More information about the Catalyst mailing list