Security Basics mailing list archives

Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ???

From: "Alberto Cozer" <acozer () fti com br>
Date: Mon, 16 Jun 2003 16:59:49 -0300






Although it might be possible to do that (using Wine, maybe) I don't
think it's the case. I am not sure how does Netcraft perform its
analisys, but it is possible to change characteristics of a machine in
such a way that a Linux box will look like a Cisco Router for programs
that performs Ofir Arkin's fingerprinting techniques. I have never
done it on a Windows box, but it is possible.

On the other hand, an Apache Webserver can be changed to look like an
IIS or whatever you want with minimal changes in its
configuration/source code. This might be also the case.

Another possibility is that a real Linux box is portmaping TCP 80 to
an internal IIS server.

Security techniques that obfuscates the version and/or name of the
system you're running aren't very  useful. You spent a lot of time
changing TCP stack properties, banners, source code etc, but it would
not prevent a scriptie kiddie from running a vulnerability scanner
agains you. Scriptie kiddies usually don't focus a vulnerability
scanning. It is very common to see typical IIS attacks on Apache
servers logs, for instance. Professional hackers might loose some time
figuring out your systems but they are very good on that and they will
do so, doesn't matter wether you've rewriten all the variables in
Apache's httpd.c or not.

Of course you should never leave your webserver banner telling the
hacker what webserver version you're running, But you should loose too
much time on this. It's better spending more time hardening your
system and deploying IDSs

Best regards,

Alberto Cozer
Security Oustourcing Director, Future Technologies Digital Security
IBM Certified AIX System Specialist
Checkpoint Certified Security Expert, CCSE NG
acozer () fti com br
http://www.fti.com.br



                                                                                                                        
               
                      Rohit                                                                                             
               
                      <rohits79@yahoo.c        To:       security-basics () securityfocus com                           
                  
                      om>                      cc:                                                                      
               
                                               Subject:  Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? 
               
                      16/06/2003 13:27                                                                                  
               
                                                                                                                        
               





http://uptime.netcraft.com/up/graph/?host=www.ministryofsound.com



Is this anyway possible??


__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

---------------------------------------------------------------------------

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access
in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------





---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Rohit (Jun 16)
- RE: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Larry Seltzer (Jun 16)
- RE: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Matt Andreko (Jun 16)
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Alberto Cozer (Jun 16)
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Steve Bremer (Jun 16)
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Steinar Skjelanger (Jun 16)
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Alejandro Flores (Jun 16)
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Daniel B. Cid (Jun 16)
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? John Hanlon (Jun 16)
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Johan Denoyer (Jun 16)
- <Possible follow-ups>
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Ian Tashima (Jun 16)
- RE: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Chris Neppes (Jun 16)
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Alaric Darconville (Jun 16)
- Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ??? Chris Berry (Jun 17)

(Thread continues...)