Date:      Sat, 28 Nov 1998 16:35:27 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        CyberPsychotic <fygrave@tigerteam.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Detecting remote host type and so on..
Message-ID:  <Pine.BSF.3.96.981128163124.2929D-100000@fledge.watson.org>
In-Reply-To: <Pine.LNX.4.05.9811281331240.4308-100000@gizmo.kyrnet.kg>

On Sat, 28 Nov 1998, CyberPsychotic wrote:

> Hello people,
>  This is probably a bit off-topic, but anyway, that is not good when someone
> could figure out what platform you're running your Apache on. Recently I
> checked site http://www.netcraft.com which could tell you what server and
> on what platform you're running. They don't provide source for the code,
> so I just put my sniffer on, and pushed the button (they have webform) to
> see what that will do. All that box did, was a connection to my 80 port
> and issuing command HEAD / HTTP/1.0. All that comes in response is:

As far as I can tell, it is almost impossible to disguise the operating
system that you are running.  Most platforms display distinctive banners,
have quirks in their IP implementation, or just made different design
choices that may be distinguished remotely (for example, choices about
timeouts, fragmentation issues, etc).  While you can attempt to hide the
platform by disabling as many services as possible, removing banners, and
hiding behind a firewall that reformats packets and connections, there is
really not a whole lot to do.  I find leaving the information there is
often more useful than not -- attempting to exploit a bug doesn't require
knowledge of the OS/version (try all versions you have an exploit for :),
but having the version information there can be useful in debugging
interoperability problems.  

Sort of like having the sendmail version there -- makes it easier to debug
problems, and lets you use wholesale network scanners to find old
versions; but for someone to try to exploit a bug they just try it out.
If you care a whole bunch, it could probably be cleaned up a bit, but I'm
not sure it's worth the trouble.  If you think the server says too much,
look at what your average WWW browser spews to the server :).


  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
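
Added example, not part of the original message or of any project's code: a small audit of what a reply to `HEAD / HTTP/1.0` discloses, run against a constructed response so an administrator can see which product, version and platform tokens their own server's banner gives away. The sample response, the list of headers checked and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: a reply to "HEAD / HTTP/1.0" (not captured from a real host).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Sat, 28 Nov 1998 21:35:27 GMT\r\n"
    b"Server: Apache/1.3.3 (Unix) PHP/3.0.5\r\n"
    b"X-Powered-By: PHP/3.0.5\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

# Headers that commonly carry software identification (assumed list).
DISCLOSING = ("server", "x-powered-by", "via")

# product[/version] tokens and parenthesised comments, as used in Server values.
TOKEN = re.compile(r"\(([^()]*)\)|([^\s/()]+)(?:/([^\s()]+))?")


def parse_headers(raw: bytes) -> dict:
    """Return {lowercased-name: value} for the header block of a response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_banner(raw: bytes) -> list:
    """List (header, kind, detail) findings for what the reply discloses."""
    findings = []
    headers = parse_headers(raw)
    for name in DISCLOSING:
        for m in TOKEN.finditer(headers.get(name, "")):
            comment, product, version = m.groups()
            if comment is not None:
                findings.append((name, "platform", comment))
            elif version:
                findings.append((name, "version", f"{product}/{version}"))
            else:
                findings.append((name, "product", product))
    return findings


if __name__ == "__main__":
    for finding in audit_banner(SAMPLE_RESPONSE):
        print(*finding, sep="\t")
```

A trimmed banner removes the version and platform findings from this report, but as the message above notes, it does not hide the IP-level behaviour of the host.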

