mouss wrote:
> Alain Reguera Delgado wrote:
> the first thing I do when I setup a web server is disable any place that
> advertizes what OS and what version it is running. call it security by
I meant to byte on this too.
From examining my logs, I've come to think that the notion that this
helps security is, along with detecting portscans, one of those security
myths.
People who attack my webserver don't appear to test to see what
webserver I'm using, they just run their toolkit over it. Many times,
they try to crack my IIS even though it's actually Apache, exactly as it
says.
Just as they try these, even though there's not Windows box in sight:
From 24.64.3.110 - 3 packets
To 203.34.16.107 - 3 packets
Service: 1026 (udp/1026) (Shorewall:net2fw:DROP:,ppp0,none) -
1 packet
Service: 1027 (udp/1027) (Shorewall:net2fw:DROP:,ppp0,none) -
1 packet
Service: 1028 (udp/1028) (Shorewall:net2fw:DROP:,ppp0,none) -
1 packet
If a program such as nmap can detect what your OS is, then if a cracker
wants to attack Apache sites, it's fair bet that if you're running *X
then you're also running Apache.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)