Thread: httpd wwwserver wear a disguise?

  1. #11
    Senior Member
    Join Date
    Feb 2003
    Posts
    282
    As promised, I have some output from my server. I edited some of it, like the Basic Auth, which I changed, and my actual domain. Trying to be as secure as possible, as I am learning a lot about security here.

    I really appreciate your responses. This was baffling me for about a week, as I tried to spoof my information and Netcraft seemed to always catch everything. The tools you mention should help me a lot; going to download them and bookmark them for the future. As mentioned, the server I run is KeyFocus (www.keyfocus.net). It's actually quite easy to set up, and the configuration is all done through a GUI interface, though I could manually edit the config.

    Will definitely check out those tools you mention; IDServ especially sounds interesting. Had some problems getting Snort to work but finally got some output. I also tried Proxomitron, as I remembered it had a log window. Here is the output of Proxomitron:

    GET / HTTP/1.0
    Accept: */*
    Accept-Language: en-us
    If-Modified-Since: Mon, 05 May 2003 19:10:06 GMT; length=1233
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Avant Browser [avantbrowser.com]; Crazy Browser 1.0.5; (R1 1.3))
    Host: faked.spoofd.org:9077
    Pragma: no-cache
    Authorization: Basic c3Bvb2ZlZA==
    Connection: keep-alive
    Accept-encoding: gzip, deflate
    Browser reload detected...

    +++RESP 1+++
    HTTP/1.1 200 OK
    Content-Encoding: gzip
    Content-Length: 643
    Content-Type: text/html
    Date: Sun, 18 May 2003 16:43:04 GMT
    Last-Modified: Mon, 05 May 2003 19:10:06 GMT
    Server: Apache/2.0.40 (Red Hat Linux)
    Vary: Accept-Encoding

    My Snort output is attached.

  2. #12
    Senior Member
    Join Date
    Feb 2003
    Posts
    282
    Just an update: I downloaded IDServ and, amazingly, it told me: "The server's response did not contain the expected 'Server:' header to identify itself. Therefore, server's identity can not be determined."

    I went to check out URLScan and read about it, but it said it was only for IIS. But I read a little about it and it was intriguing.

    I checked out slarty's projects page and am reading through the article now. It is a fascinating read and I'm only in the first paragraph. Will read through it, but would like to comment on the nice work and effort you put into it, as from what I understand you made the site, right? Very nicely done.

    Well, I have been thinking about this and am still undecided, but you make a good point:

    "I personally don't see the need to try and hide what you are running, normally it takes an attacker all of one request to tell that you lied in the response and worms don't care."

    Thanks once again for all of your guidance and help.
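
The clean-up that post #11 describes doing by hand before pasting a capture (changing the Basic Auth value and the real domain), as an added example that is not part of the thread. The names `decode_basic` and `redact_capture`, the header list and the sample capture are all constructed for illustration.

```python
import base64
import re

# Headers whose values identify the user or a session (assumed list, extend as needed).
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}

def decode_basic(value):
    """Return the decoded credential if value is 'Basic <base64>', else None."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        return base64.b64decode(blob.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error subclasses ValueError
        return None

def redact_capture(text, real_host, placeholder="redacted.example"):
    """Scrub a pasted HTTP log; return (clean_text, findings)."""
    findings, out = [], []
    host_re = re.compile(re.escape(real_host), re.IGNORECASE)
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in SENSITIVE:
            if decode_basic(value) is not None:
                # Basic auth is encoding, not encryption: anyone can reverse it.
                findings.append(f"{name.strip()}: Basic credential was recoverable")
            else:
                findings.append(f"{name.strip()}: value removed")
            line = f"{name}: [REDACTED]"
        elif host_re.search(line):
            findings.append("real hostname replaced")
            line = host_re.sub(placeholder, line)
        out.append(line)
    return "\n".join(out), findings

# Constructed sample capture (not the poster's data): user "alice", password "s3cret".
SAMPLE = (
    "GET / HTTP/1.0\n"
    "Host: www.real-site.example:9077\n"
    "Authorization: Basic YWxpY2U6czNjcmV0\n"
    "Connection: keep-alive\n"
    "\n"
    "HTTP/1.1 200 OK\n"
    "Server: Apache/2.0.40 (Red Hat Linux)\n"
)

if __name__ == "__main__":
    clean, notes = redact_capture(SAMPLE, "www.real-site.example")
    print(clean, notes, sep="\n")
```

The `Server:` line is left untouched on purpose, since it is the subject of the thread; only credentials and the real hostname are scrubbed.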