|
Penetration Testing
mailing list archives
Re: NT/IIS decoy
From: Chuck Fitzpatrick <cfitz () stic net>
Date: Mon, 10 Dec 2001 15:59:15 -0600
Here's a URL for some programs that allow you to edit the banner info for
web, ftp, and smtp in IIS and Apache. Maybe that's what you're looking for.
http://www.nstalker.com/banners.php
-Chuck
At 06:52 AM 12/7/2001 -0500, Lambott () aol com wrote:
Hello
Does anyone know how to hide or mask the identity of a IIS 4.0 or 5.0 server
such that if a "GET" command is issued following a telnet to the server on
port 80, the server will display a different server type so as to hide it's
true identity.
I searched the IIS installation drive using the following strings -
Microsoft-IIS/4.0 and Microsoft-IIS/5.0
The result was a file called w3svc.dll which is aparently the IIS world wide
web publishing service, I manually stopped this service, backed up the file
and then ammended it to reflect my decoy server type, however, next time I
attempt to start the service it failed.
I have heard of honey pot type program that can also achieve my desired
result, but never actually played with one myself.
Has anyone come across this and does anyone know of any solution for what I
am trying to achieve.
Thanks
Taiye Lambo, CISSP
Principal Security Consultant
CyberCops Europe (UK)
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
|
Intro
