From: CyberPsychotic
Date: Sat, 28 Nov 1998 13:59:23 +0500 (KGT)
To: freebsd-security@FreeBSD.ORG
Subject: Detecting remote host type and so on..

Hello people,

This is probably a bit off-topic, but anyway, it is not good when someone can figure out what platform you're running your Apache on. Recently I checked the site http://www.netcraft.com, which can tell you what server you're running and on what platform. They don't provide source for the code, so I just put my sniffer on and pushed the button (they have a web form) to see what it would do. All that box did was connect to my port 80 and issue the command HEAD / HTTP/1.0.
All that comes back in response is:

    HTTP/1.0 200 OK
    Date: Sat, 28 Nov 1998 08:33:05 GMT
    Server: Apache/1.2.5
    Last-Modified: Fri, 30 Jan 1998 06:30:47 GMT
    ETag: "11dc01-561-34d17397"
    Content-Length: 1377
    Accept-Ranges: bytes
    Content-Type: text/html
    Age: 0
    Connection: close

---

So the place where it picks up the type of web server is obvious: the Server tag. But I wonder how it would figure out what platform I am running. What comes to mind is the ETag here, whose purpose I don't understand. If that is a platform-specific thing, maybe they just did checks on different platforms and made pre-recordings?

Would appreciate any hints,

best regards
~Fyodor
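An added example, not part of the original post: a small audit of the HEAD response quoted above, listing what its headers tell a remote client and decoding the ETag. It assumes the ETag uses the three-field hexadecimal inode-size-mtime layout that Apache httpd has used by default; the size and mtime fields are checked against the response's own Content-Length and Last-Modified, while the inode reading stays an assumption. The function names are hypothetical.

```python
from email.utils import parsedate_to_datetime

# The response quoted in the post, embedded so the example runs offline.
SAMPLE = (
    "HTTP/1.0 200 OK\r\n"
    "Date: Sat, 28 Nov 1998 08:33:05 GMT\r\n"
    "Server: Apache/1.2.5\r\n"
    "Last-Modified: Fri, 30 Jan 1998 06:30:47 GMT\r\n"
    'ETag: "11dc01-561-34d17397"\r\n'
    "Content-Length: 1377\r\n"
    "Accept-Ranges: bytes\r\n"
    "Content-Type: text/html\r\n"
    "Age: 0\r\n"
    "Connection: close\r\n\r\n"
)

def parse_headers(raw):
    """Return (status_line, {lower-cased header name: value})."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    fields = (line.partition(":") for line in head[1:] if ":" in line)
    return head[0], {k.strip().lower(): v.strip() for k, _, v in fields}

def decode_etag(etag):
    """Split an ETag assumed to be three hex fields: inode-size-mtime."""
    try:
        inode, size, mtime = (int(p, 16) for p in etag.strip('"').split("-"))
    except ValueError:  # wrong number of fields, or a field that is not hex
        return None
    return {"inode": inode, "size": size, "mtime": mtime}  # mtime: Unix epoch

def audit(raw):
    """List what the header block tells a remote client about the host."""
    _, h = parse_headers(raw)
    findings = []
    product, _, version = h.get("server", "").partition("/")
    if version:
        findings.append(f"Server names {product} version {version}")
    tag = decode_etag(h.get("etag", ""))
    if tag:
        if str(tag["size"]) == h.get("content-length"):
            findings.append("ETag field 2 equals Content-Length (file size)")
        lm = h.get("last-modified")
        if lm and int(parsedate_to_datetime(lm).timestamp()) == tag["mtime"]:
            findings.append("ETag field 3 equals Last-Modified (file mtime)")
        findings.append(f"ETag field 1 ({tag['inode']}) is likely the file's inode")
    return findings
```

Later Apache httpd releases provide the ServerTokens and FileETag directives, which control how much these two headers reveal.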