Date: Wed, 11 Jul 2001 16:14:05 -0700
From: Kris Kennaway
To: Peter Kok
Cc: "freebsd-questions@FreeBSD.ORG"
Subject: Re: security: scan my server
Message-ID: <20010711161405.C90157@xor.obsecurity.org>

On Tue, Jul 10, 2001 at 09:22:16PM -0400, Peter Kok wrote:

> That mean it is not security!
>
> How do I avoid its scan? and
> How do they can know which OS of the server?

The short answer is that your web server reports the OS type upon request.

The longer answer is that even if you stop the web server from doing this, it won't matter, because anyone can tell what OS it's running anyway using other methods -- this is true no matter which OS you run, and there's nothing you can do about it.
The reasons are technical, but basically every different OS on the net behaves slightly differently when sending and receiving traffic, and if you know what to look for you can identify it by looking for these differences. It's a completely automated process and there are several tools which can probe any desired system like this (the most complete and popular being nmap, available in the ports collection).

There's nothing you can do about this short of making sure your system does not respond to any packets received from the internet, i.e. closing off all external services and placing your system behind a restrictive firewall. If you want to offer services to the world, like a http server, you have to live with this fact and make sure that your system is secure enough that knowing the OS doesn't help attackers. This is something you have to do anyway, because even if they couldn't tell what OS you're running, they could guess and proceed from there with various possible attacks.

Kris