Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > security-basics > 03 > 064512.html (Request Expert securityfocus.com Support)

Re: Netcraft shows ministryofsound is running IIS 5.0 on LINUX ???

From: Alberto Cozer <acozer(at)fti.com.br>
Date: Mon Jun 16 2003 - 15:59:49 EDT

Although it might be possible to do that (using Wine, maybe) I don't think it's the case. I am not sure how does Netcraft perform its analisys, but it is possible to change characteristics of a machine in such a way that a Linux box will look like a Cisco Router for programs that performs Ofir Arkin's fingerprinting techniques. I have never done it on a Windows box, but it is possible.

On the other hand, an Apache Webserver can be changed to look like an IIS or whatever you want with minimal changes in its configuration/source code. This might be also the case.

Another possibility is that a real Linux box is portmaping TCP 80 to an internal IIS server.

Security techniques that obfuscates the version and/or name of the system you're running aren't very useful. You spent a lot of time changing TCP stack properties, banners, source code etc, but it would not prevent a scriptie kiddie from running a vulnerability scanner agains you. Scriptie kiddies usually don't focus a vulnerability scanning. It is very common to see typical IIS attacks on Apache servers logs, for instance. Professional hackers might loose some time figuring out your systems but they are very good on that and they will do so, doesn't matter wether you've rewriten all the variables in Apache's httpd.c or not.

Of course you should never leave your webserver banner telling the hacker what webserver version you're running, But you should loose too much time on this. It's better spending more time hardening your system and deploying IDSs

Best regards,

Alberto Cozer
Security Oustourcing Director, Future Technologies Digital Security IBM Certified AIX System Specialist
Checkpoint Certified Security Expert, CCSE NG acozer@fti.com.br
http://www.fti.com.br 

                                                                                                                                       
                      Rohit                                                                                                            
                                            cc:                                                                                     
                                               Subject:  Netcraft shows ministryofsound is running IIS 5.0 on LINUX ???                
                      16/06/2003 13:27
Do you need help?X

http://uptime.netcraft.com/up/graph/?host=www.ministryofsound.com

Is this anyway possible??


Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm


Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.      

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.           

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

Received on Mon Jun 16 19:48:33 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:04:51 EDT

Do you need more help?X
Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library