Date: Wed, 16 Dec 1998 05:13:30 -0800
From: "Jan B. Koum " <jkb@best.com>
To: Robert Watson <robert+freebsd@cyrus.watson.org>, CyberPsychotic <fygrave@tigerteam.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Detecting remote host type and so on..
Message-ID: <19981216051330.A28228@best.com>
In-Reply-To: <Pine.BSF.3.96.981128163124.2929D-100000@fledge.watson.org>; from Robert Watson on Sat, Nov 28, 1998 at 04:35:27PM -0500
References: <Pine.LNX.4.05.9811281331240.4308-100000@gizmo.kyrnet.kg> <Pine.BSF.3.96.981128163124.2929D-100000@fledge.watson.org>

On Sat, Nov 28, 1998 at 04:35:27PM -0500, Robert Watson <robert@cyrus.watson.org> wrote:
> On Sat, 28 Nov 1998, CyberPsychotic wrote:
>
> > Hello people,
> > This is probably a bit offtopic, but anyway, That is not good when someone
> > could figure out what platform you're running your Apache on. Recently I
> > checked site http://www.netcraft.com which could tell you what server and
> > on what platform you're running. They don't provide source for the code,
> > so I just put my sniffer on, and pushed the button (they have webform) to
> > see what that will do. All that box did, was a connection to my 80 port
> > and issuing command HEAD / HTTP/1.0. All what comes for response is:
>
> As far as I can tell, it is almost impossible to disguise the operating
> system that you are running. Most platforms display distinctive banners,
> have quirks in their IP implementation, or just made different design
> choices that may be distinguished remotely (for example, choices about
> timeouts, fragmentation issues, etc). While you can attempt to hide the
> platform by disabling as many services as possible, removing banners, and
> hiding behind a firewall that reformats packets and connections, there is
> really not a whole lot to do. I find leaving the information there is
> often more useful than not -- attempting to exploit a bug doesn't require
> knowledge of the OS/version (try all versions you have an exploit for :),
> but having the version information there can be useful in debugging
> interoperability problems.
>
> Sort of like having the sendmail version there -- makes it easier to debug
> problems, and lets you use wholesale network scanners to find old
> versions; but for someone to try to exploit a bug they just try it out.
> If you care a whole bunch, it could probably be cleaned up a bit, but I'm
> not sure it's worth the trouble. If you think the server says too much,
> look at what your average WWW browser spews to the server :).
>
>
> Robert N Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
>
> Carnegie Mellon University http://www.cmu.edu/
> TIS Labs at Network Associates, Inc. http://www.tis.com/
> SafePort Network Services http://www.safeport.com/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

And yet another old thread, but now is the time. :) The nmap2 port
scanner was released last night and it has support for remote OS
fingerprinting. Ever wanted to find out exactly what OS someone was
running on a device which has a TCP/IP stack? Now you can do so very
easily. Get nmap from http://www.insecure.org/nmap - or from ports since
the port was upgraded last night to the 2.0 version.

-- Yan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981216051330.A28228>
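
Added example, not part of the original messages and not Netcraft's or nmap's code: a small audit of what a reply to the "HEAD / HTTP/1.0" probe described in the thread tells any client about the server's software and platform. The sample response, its header values and the function names are constructed for illustration.

```python
import re

# Constructed sample reply to "HEAD / HTTP/1.0"; all values are illustrative.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Wed, 16 Dec 1998 13:13:30 GMT\r\n"
    "Server: Apache/1.3.3 (Unix) mod_example/1.0\r\n"
    "X-Powered-By: ExampleLang/4.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Matches either a "(comment)" group or a product[/version] token.
TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")


def parse_headers(raw):
    """Return {lower-cased name: value} for the header block of a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def disclosures(raw, watched=("server", "x-powered-by")):
    """List (header, kind, detail) for every software or platform hint found."""
    headers = parse_headers(raw)
    found = []
    for name in watched:
        for comment, product, version in TOKEN.findall(headers.get(name, "")):
            if comment:
                found.append((name, "platform-comment", comment))
            elif version:
                found.append((name, "versioned-product", product + "/" + version))
            else:
                found.append((name, "product", product))
    return found


if __name__ == "__main__":
    for header, kind, detail in disclosures(SAMPLE):
        print(f"{header}: {kind}: {detail}")
```

This covers only the banner; the IP-stack quirks Robert mentions, which nmap's OS fingerprinting relies on, are unaffected by trimming headers.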