Date: Fri, 6 Jul 2001 12:06:35 -0500 (PDT) From: appleseed@hushmail.com To: freebsd-security@FreeBSD.ORG Cc: Khalil.Haddad@ubs.com Subject: Re: Hiding Versions Message-ID: <200107061929.MAA30700@user7.hushmail.com>
next in thread | raw e-mail | index | archive | help
--Hushpart_boundary_wqTfrGhjiEbulCjGyoebZhzAceFJAXTb Content-type: text/plain Sup =) You recently wrote this: >After visiting this web site : www.netcraft.com, I discovered that it >is possible to trace version changes of OS, apache or php. > *snip* >I wanted to know how this was possible, if FreeBSD stores version >history somewhere. What should I do to secure this and how, because >knowing that anyone can get the history of version changes on your >system doesn't make you fell secure... > >By the way, the output for my server gives me Apache/1.3.19 but i have >upgraded to 1.3.20 recently, why hasn't this been taken in >consideration? (i used ports to upgrade) > >Thank you for your help. > >Khalil Well, netcraft uses a query to the webserver then reads the header of the response looking for the 'Server' string. Defined in rfc1945 the 'Server' header variable/value pair describes the webserver software running on the target host. I've only audited certain segments of the apache server (and dont run apache myself) so I am not sure if they allow you to redefine the Server string sent with request responses. However, if they are fully rfc1945 compliant they will allow you to redefine the 'Server' string. =) As far as the operating system goes netcraft performs tcp/ip fingerprinting on the target host to determine OS information. If you want to block this information snag yourself a good firewall (pitch IPF here cuz it rockz!) and load up a good ruleset. I wont tell you how I define my ruleset, but, you are better off determining what is best for you. I will say that certain tricks will disturb nmap and friend's logic while constructing a remote operating system fingerprint. Good luck =) northern_ Free, encrypted, secure Web-based email at www.hushmail.com --Hushpart_boundary_wqTfrGhjiEbulCjGyoebZhzAceFJAXTb-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107061929.MAA30700>