[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Announce/Security Advisory] monit 4.1.1 released

From: Jan-Henrik Haukeland
Subject: Re: [Announce/Security Advisory] monit 4.1.1 released
Date: Tue, 25 Nov 2003 18:18:20 +0100
User-agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.4 (Reasonable Discussion, linux)

>>I can understand this request and many web-servers offer a configure
>>switch to turn off the server version number reported in the server
>>header field and elsewhere. It's seldom used though because it is (at
>>best) "security through obscurity" and offer no protection at all.

Andreas Rust <address@hidden> writes:

> That's right and that's also what I had on my mind. :) However, it
> is infact much faster finding a working exploit whenever you know
> details about versions. Whenever someone is going after a special
> service they start off by checking the version number.

Okay, the request is noted and will be part of a next release. See
item 4 in our project plan:

> I for my part put in iptable rules 

That is a smart thing to do. When possible everyone should filter out
access to monit from the outside at least from not known hosts.

Jan-Henrik Haukeland

reply via email to

[Prev in Thread] Current Thread [Next in Thread]