May 18th, 2003 06:12 PM
As promised I have some output from my server, I editid some of it like the Basic Auth I changed and my acutal domain. Trhying to be as secure as posible as I am learning alot about security here.
I realy apreciate your responces, this was bafeling me for about a week asi tryed to spoof my information netcraft seemed to always catch everything. The tools you mention should help me alot, going to download them and bookmark them for the future. As mentioned the server I run is keyfocus www.keyfocus.net its actualy quite easy to set up and configureation all done through a gui interface though I could manualy edit the config.
Will definately check out those tools you mention especialy IDserv sounds interesting, had some problems getting snort to work but finaly got some output. I also tryed proxomitron as i remembered it had a log window. Here is the output of proxomitron:
My snort output atached
GET / HTTP/1.0
If-Modified-Since: Mon, 05 May 2003 19:10:06 GMT; length=1233
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Avant Browser [avantbrowser.com]; Crazy Browser 1.0.5; (R1 1.3))
Authorization: Basic c3Bvb2ZlZA==
Accept-encoding: gzip, deflate
Browser reload detected...
HTTP/1.1 200 OK
Date: Sun, 18 May 2003 16:43:04 GMT
Last-Modified: Mon, 05 May 2003 19:10:06 GMT
Server: Apache/2.0.40 (Red Hat Linux)
May 18th, 2003 07:48 PM
Just an update, I downloaded IDServ and amazingly it told me The server's response did not contain the expected 'Server:' header to identify itself. Therefore, server's identity can not be determined.
I went to check out URLScan and read about it but said it was only for IIS. But read alittle about it and was inreguing.
I checked out slarty's projects page and am reading through the article now. It is a fasinateing read and im only in the first parqagraph. Will read through it but would like to comment on the nice work and effort you put into it, as what I understand you made the site right? Very nicely done.
Well I have been thinking about this and still undesided but you make a good point
Thanks one again for all of your guidence and help.
I personally don't see the need to try and hide what you are running, normally it takes an attacker all of one request to tell that you lied in the response and worms don't care.