Home page logo

basics logo Security Basics mailing list archives

Re: Re: HTTP Headers
From: List Spam <listspam () gmail com>
Date: Tue, 17 Jan 2006 07:17:38 -0800

On 1/16/06, Rubin, Greg <rubin () amazon com> wrote:
Well, there is the "Server" HTTP header.


Server: Apache/1.3.29 (Unix) mod_perl/1.29

Greg R.

I would seriously caution against relying upon data presented by a
service banner - whether it be HTTP, FTP, SSH, whatever.  The banners
can be changed with a trivial amount of knowledge and are often
"tweaked" by those seeking to either mislead or present some form of
misguided security through obscurity.

If the OP wants to determine when a box was last patched (just looking
for specific services, IP stack, kernel, ???), they can only rely on
comparing the corresponding binaries to the version(s) you are looking
for it to support.  This requires some sort of access to both the file
system and, if you want to be 100% certain, the memory space on the
box in question.

If you control the boxes in question, you can always institute some
sort of version/config management/enforcement system like CFEngine or
SMS.  If you don't control the boxes, it will always come down to
asking yourself this question:  Do you trust the box/admins in

My two cents.


The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]