I am running a mail/web server and Netcraft says that it is Apache/1.3.28 and (Linux/SuSE). While on one hand that is nice... Would it not be better to obscure which distro I am running and the version of Apache? How would one accomplish this?

- Bill
Bill.Light@kp.org wrote:
> I am running a mail/web server and Netcraft says that it is Apache/1.3.28 and (Linux/SuSE).
> While on one hand that is nice... Would it not be better to obscure which distro I am running and the version of Apache?
It wouldn't improve your security. Script kiddies usually run automated exploits that don't look at your server signature. They just try to break into servers in a certain IP-range with a certain exploit. This means you are either vulnerable to this exploit or not. No kiddy will look at your server signature (probably because they don't have the right toolz to do that for them). An experienced attacker will be able to figure out all the information he needs even without a server signature. An experienced attacker wouldn't blindly trust an obscured server signature anyway. So either way: changing your server signature doesn't help you. Switching it off doesn't hurt either, I guess. Check your httpd.conf for "ServerSignature On" and switch that to Off. Just don't expect this to significantly improve your security.

Regards
Stefan Nordhausen
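As an added example (not from any poster in this thread), the two httpd.conf directives involved: ServerSignature only controls the footer Apache appends to its own error pages, while ServerTokens controls the Server: response header that a Netcraft-style probe reads. Both exist in Apache 1.3.28 and 2.x; the first fragment is the leaky default, the second the reduced one.

```apache
# Added example, not part of the thread. Apache 1.3 / 2.x httpd.conf.

# --- Leaky (typical default) ---
# Server header as seen by Netcraft: "Apache/1.3.28 (Linux/SuSE)"
# Error pages carry a footer with the same product/version/OS string.
ServerTokens Full
ServerSignature On

# --- Reduced disclosure ---
# Server header becomes just "Apache"; error pages get no footer.
# (Comment out the block above, or put this one later in the file: last wins.)
ServerTokens Prod
ServerSignature Off

# Check after a reload, from the box itself, that the header changed:
#   curl -sI http://localhost/ | grep -i '^Server:'
```

This only trims what the server volunteers; as the reply above says, it does not change whether the installed Apache version is vulnerable, so keep patching as the actual control.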
On Tuesday 17 February 2004 04:56 pm, Bill.Light@kp.org wrote:
> I am running a mail/web server and Netcraft says that it is Apache/1.3.28 and (Linux/SuSE).
> While on one hand that is nice... Would it not be better to obscure which distro I am running and the version of Apache?
> How would one accomplish this?
> - Bill
Don't worry :) Anyone reading this list knows you use SuSE Linux, Apache, and that your name is Bill. This is more than enough for me to social engineer my way into root access at your server :) Not that I would, but remember to watch what you let out on a list.

--
__________________________________________________
We Are 138
http://www.suse.com
http://www.slackware.org
http://www.bsd.org
http://www.daemonnews.org/
http://www.cannibalholocaust.net
http://www.misfits.com
http://www.onethirtyeight.com
-----Original Message-----
From: Allen/gore/SlackWareWolf [mailto:goreBOFH@comcast.net]
Sent: 17 February 2004 23:40
To: suse-security@suse.com
Cc: TheHorse TheHorse
Subject: Re: [suse-security] Obscuring OS
On Tuesday 17 February 2004 04:56 pm, Bill.Light@kp.org wrote:
> I am running a mail/web server and Netcraft says that it is Apache/1.3.28 and (Linux/SuSE).
> While on one hand that is nice... Would it not be better to obscure which distro I am running and the version of Apache?
> How would one accomplish this?
> - Bill
Don't worry :) Anyone reading this list knows you use SuSE Linux, Apache, and that your name is Bill. This is more than enough for me to social engineer my way into root access at your server :) Not that I would, but remember to watch what you let out on a list.
Of course it could be that he's actually a lady called Freda, running IIS on WinNT4, and trying to disguise the fact.... Or maybe his name _is_ Bill, and he's running Linux/Apache, but trying to make you think he's running IIS on WinNT4... Or even that he's a creature from the planet X running FabHTTPd on SuperOS 6, trying to make you think he's called Bill, pretending to be Freda pretending to be Bill? My head hurts.

Anyway, I agree that hiding OS/webserver info won't help that much. I remember examining HTTP requests of my old Netscape Enterprise server and finding loads of IIS exploits aimed at it. My guess is that:

1. Attacker tries to find a port 80 that responds to a port scan.
2. Attacker tries whatever tool they've downloaded from some l33t h4ax0r on #l33t_h4x0rs.

Also - yes, social engineering works scarily well.

Tom.