Update to BCP-38?

Keith Medcalf kmedcalf at dessus.com
Tue Oct 8 16:19:40 UTC 2019


>Not everyone attacking your systems is going to have the skills or
>knowledge to get in though - simple tricks (like hiding what web server
>you use) can prevent casual attacks from script kiddies and others who
>aren't committed to targeting you, freeing your security teams to focus
>on the serious threats.

And this is based on what evidence?  It also defies logic.  By
definition script-kiddies run scripts.  If you remove the identification
those scripts can no longer identify what is running, and therefore will
continue to attack it.  What would be useful is to replace that with
alternative "disinformation" headers so that the script-kiddies' scripts
will get a positive result, but that result will not be what they are
looking for, so they will go away.  Until having disinformation headers
gets the same "old wives' tale" status as "remove the identifying
headers".  At which point either course of action is a waste of
effort and $$$ because the script-kiddies will just ignore it as it will
be just as cost effective to run the exploit and see what happens.

In other words, simple tricks are exactly that.  They usually do exactly
the opposite of what the "simple tricker" thought they were doing, or do
nothing useful at all.  Which means that effort and $$$ have been
expended at best on a useless endeavour, and at worst one which
increased the very activity it was designed to thwart.  One would have
been far better off putting the $$$ in the slush-fund and using it when
some particularly persistent script-kiddie showed up so you could afford
to add a filter to the firewall.  

-- 
The fact that there's a Highway to Hell but only a Stairway to Heaven
says a lot about anticipated traffic volume.





