Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

NT/IIS decoy
From: Lambott () aol com
Date: Fri, 07 Dec 2001 06:52:34 EST
Hello

Does anyone know how to hide or mask the identity of a IIS 4.0 or 5.0 server such that if a "GET" command is issued 
following a telnet to the server on port 80, the server will display a different server type so as to hide it's true 
identity.

I searched the IIS installation drive using the following strings - Microsoft-IIS/4.0 and Microsoft-IIS/5.0
The result was a file called w3svc.dll which is aparently the IIS world wide web publishing service, I manually stopped 
this service, backed up the file and then ammended it to reflect my decoy server type, however, next time I attempt to 
start the service it failed.
I have heard of honey pot type program that can also achieve my desired result, but never actually played with one 
myself.

Has anyone come across this and does anyone know of any solution for what I am trying to achieve.

Thanks

Taiye Lambo, CISSP
Principal Security Consultant
CyberCops Europe (UK)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]