[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] Obscuring OS

> -----Original Message-----
> From: Allen/gore/SlackWareWolf [mailto:goreBOFH@xxxxxxxxxxx]
> Sent: 17 February 2004 23:40
> To: suse-security@xxxxxxxx
> Cc: TheHorse TheHorse
> Subject: Re: [suse-security] Obscuring OS
> On Tuesday 17 February 2004 04:56 pm, Bill.Light@xxxxxx 
> wrote:
> > I am running a mail/web server and Netcraft says that it
> > is  Apache/1.3.28 and  (Linux/SuSE).
> >
> > While on one hand that is nice....Would it not be better
> > to obscure which distro I am running and the version of
> > Apache ??
> >
> > How would one accomplish this ?
> >
> > - Bill
> Don't worry :) Anyone reading this list knows you use SuSE 
> Linux, Apache, and that your name is bill. This is more 
> than enough for me to social engineer my way into root 
> access at your server :) Not that I would, but remember to 
> watch what you let out on a list.

Of course it could be that he's actually a lady called Freda, running
IIS on WinNT4, and trying to disguise the fact.... 

Or maybe his mame _is_ Bill, and he's running Linux/Apache, but
trying to make you think he's running IIS on WinNT4...

Or even that he's a creature from the planet X running FabHTTPd
on SuperOS 6, trying to make you think he's called Bill, pretending 
to be Freda pretending to be Bill?

My head hurts.

Anyway, I agree that hiding OS/webserver info won't help that much,
I remember examinging http requests of my old Netscape Enterprise
server and finding loads of IIS exploits aimed at it.

My guess is that:
1. Attacker tries to find a port 80 that responds to a port scan.
2. Attacker tries whatever tool they've downloaded from some l33t
h4ax0r on #l33t_h4x0rs.

Also - yes, social engineering works scarily well. 


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here