[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [suse-security] Obscuring OS
> -----Original Message-----
> From: Allen/gore/SlackWareWolf [mailto:goreBOFH@xxxxxxxxxxx]
> Sent: 17 February 2004 23:40
> To: suse-security@xxxxxxxx
> Cc: TheHorse TheHorse
> Subject: Re: [suse-security] Obscuring OS
> On Tuesday 17 February 2004 04:56 pm, Bill.Light@xxxxxx
> > I am running a mail/web server and Netcraft says that it
> > is Apache/1.3.28 and (Linux/SuSE).
> > While on one hand that is nice....Would it not be better
> > to obscure which distro I am running and the version of
> > Apache ??
> > How would one accomplish this ?
> > - Bill
> Don't worry :) Anyone reading this list knows you use SuSE
> Linux, Apache, and that your name is bill. This is more
> than enough for me to social engineer my way into root
> access at your server :) Not that I would, but remember to
> watch what you let out on a list.
Of course it could be that he's actually a lady called Freda, running
IIS on WinNT4, and trying to disguise the fact....
Or maybe his mame _is_ Bill, and he's running Linux/Apache, but
trying to make you think he's running IIS on WinNT4...
Or even that he's a creature from the planet X running FabHTTPd
on SuperOS 6, trying to make you think he's called Bill, pretending
to be Freda pretending to be Bill?
My head hurts.
Anyway, I agree that hiding OS/webserver info won't help that much,
I remember examinging http requests of my old Netscape Enterprise
server and finding loads of IIS exploits aimed at it.
My guess is that:
1. Attacker tries to find a port 80 that responds to a port scan.
2. Attacker tries whatever tool they've downloaded from some l33t
h4ax0r on #l33t_h4x0rs.
Also - yes, social engineering works scarily well.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here