-----Original Message-----
From: Allen/gore/SlackWareWolf [mailto:goreBOFH@comcast.net]
Sent: 17 February 2004 23:40
To: suse-security@suse.com
Cc: TheHorse TheHorse
Subject: Re: [suse-security] Obscuring OS

On Tuesday 17 February 2004 04:56 pm, Bill.Light@kp.org wrote:
I am running a mail/web server and Netcraft says that it is Apache/1.3.28 and (Linux/SuSE).
While on one hand that is nice... Would it not be better to obscure which distro I am running and the version of Apache?
How would one accomplish this ?
- Bill
Don't worry :) Anyone reading this list knows you use SuSE Linux, Apache, and that your name is Bill. This is more than enough for me to social engineer my way into root access at your server :) Not that I would, but remember to watch what you let out on a list.
Of course it could be that he's actually a lady called Freda, running IIS on WinNT4, and trying to disguise the fact.... Or maybe his name _is_ Bill, and he's running Linux/Apache, but trying to make you think he's running IIS on WinNT4... Or even that he's a creature from the planet X running FabHTTPd on SuperOS 6, trying to make you think he's called Bill, pretending to be Freda pretending to be Bill? My head hurts.

Anyway, I agree that hiding OS/webserver info won't help that much. I remember examining HTTP requests of my old Netscape Enterprise server and finding loads of IIS exploits aimed at it. My guess is that:

1. Attacker tries to find a port 80 that responds to a port scan.
2. Attacker tries whatever tool they've downloaded from some l33t h4ax0r on #l33t_h4x0rs.

Also - yes, social engineering works scarily well.

Tom.
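
The observation in the reply above, that IIS exploits arrive at servers that are not IIS, can be measured from an access log. The following is an added example, not part of the original thread: it assumes Common Log Format, and the sample log lines and the short signature list are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines (Common Log Format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [17/Feb/2004:21:03:11 +0000] "GET /index.html HTTP/1.0" 200 2326
198.51.100.7 - - [17/Feb/2004:21:04:02 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 289
198.51.100.7 - - [17/Feb/2004:21:04:03 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe HTTP/1.0" 404 301
203.0.113.44 - - [17/Feb/2004:21:09:40 +0000] "GET /_vti_bin/shtml.exe HTTP/1.0" 404 290
203.0.113.44 - - [17/Feb/2004:21:09:41 +0000] "GET /images/logo.png HTTP/1.0" 200 5120
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Illustrative (assumed) list of request paths that only make sense on IIS.
IIS_ONLY = [
    ("ida/idq ISAPI extension", re.compile(r"\.(ida|idq)$", re.I)),
    ("cmd.exe/root.exe via script dir", re.compile(r"/(cmd|root)\.exe$", re.I)),
    ("FrontPage extensions", re.compile(r"^/_vti_bin/", re.I)),
]

def classify(target):
    """Return the IIS-only signature label a request target matches, or None."""
    # Drop the query string, then decode twice so %255c -> %5c -> backslash.
    path = unquote(unquote(target.split("?", 1)[0]))
    for label, rx in IIS_ONLY:
        if rx.search(path):
            return label
    return None

def summarize(log_text):
    """Count requests aimed at IIS that reached this (non-IIS) server."""
    by_source, by_kind, total = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not Common Log Format
        total += 1
        src, _method, target, _status = m.groups()
        label = classify(target)
        if label:
            by_source[src] += 1
            by_kind[label] += 1
    return {"requests": total, "mismatched": sum(by_kind.values()),
            "by_source": dict(by_source), "by_kind": dict(by_kind)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high share of mismatched requests on a server that advertises Apache in its banner indicates the senders are not reading the banner before probing.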