Security Basics mailing list archives
Re: Re: HTTP Headers
From: List Spam <listspam () gmail com>
Date: Tue, 17 Jan 2006 07:17:38 -0800
On 1/16/06, Rubin, Greg <rubin () amazon com> wrote:
> Well, there is the "Server" HTTP header.
> Example:
> Server: Apache/1.3.29 (Unix) mod_perl/1.29
>
> Greg R.
I would seriously caution against relying upon data presented by a service banner - whether it be HTTP, FTP, SSH, whatever. The banners can be changed with a trivial amount of knowledge and are often "tweaked" by those seeking to either mislead or present some form of misguided security through obscurity.

If the OP wants to determine when a box was last patched (just looking for specific services, IP stack, kernel, ???), they can only rely on comparing the corresponding binaries to the version(s) you are looking for it to support. This requires some sort of access to both the file system and, if you want to be 100% certain, the memory space on the box in question.

If you control the boxes in question, you can always institute some sort of version/config management/enforcement system like CFEngine or SMS. If you don't control the boxes, it will always come down to asking yourself this question: Do you trust the box/admins in question?

My two cents.

RE
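The comparison the reply describes, as an added example that is not part of the original message: the version a Server banner claims is set beside the version proven by hashing the on-disk binary against a manifest of known builds. The manifest, the stand-in binary contents, the 1.3.34 target version and all function names are constructed for illustration, and the check covers the file system only, not the memory space.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed stand-ins for two builds of a web server binary.
BUILD_OLD = b"constructed-httpd-build-1.3.29"
BUILD_NEW = b"constructed-httpd-build-1.3.34"

# Hypothetical known-good manifest: SHA-256 of each build -> version.
MANIFEST = {
    hashlib.sha256(BUILD_OLD).hexdigest(): "1.3.29",
    hashlib.sha256(BUILD_NEW).hexdigest(): "1.3.34",
}

def banner_version(server_header):
    """Version the banner claims, or None if absent or obscured."""
    m = re.match(r"\s*[A-Za-z_-]+/(\d+(?:\.\d+)*)", server_header or "")
    return m.group(1) if m else None

def binary_version(path, manifest=MANIFEST):
    """Version proven by the on-disk binary's hash, or None if unlisted."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return manifest.get(h.hexdigest())

def audit(server_header, path, required):
    """Judge patch state from the binary; report the banner only as a claim."""
    claimed, actual = banner_version(server_header), binary_version(path)
    if actual is None:
        verdict = "unknown-binary"  # modified or unlisted build
    elif actual != required:
        verdict = "unpatched"
    else:
        verdict = "ok"
    return {"claimed": claimed, "actual": actual,
            "banner_matches": claimed == actual, "verdict": verdict}

def demo():
    """Banner edited to advertise 1.3.34 while the old build is on disk."""
    with tempfile.TemporaryDirectory() as d:
        httpd = Path(d) / "httpd"
        httpd.write_bytes(BUILD_OLD)
        return audit("Apache/1.3.34 (Unix) mod_perl/1.29", httpd, "1.3.34")

if __name__ == "__main__":
    print(demo())
```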
