 |
|
|
|
Next: Best Book for IIS 6.0?
|
| Author |
Message |
External
Since: Feb 06, 2004
Posts: 9
|
(Msg. 1) Posted: Sat Feb 07, 2004 2:11 am
Post subject: Fake IIS header
Archived from groups: microsoft>public>inetserver>iis (more info?)
|
|
|
There are certain attacks out there that are against IIS specifically, how
can i change the header to something else like walmart.com did?
Thanks,
quote from netcraft.com faq
------------
Why do you report impossible operating system/server combinations ?
----------------------------------------------------------------------------
----
Webservers that operate behind a caching system, load balancer, reverse
proxy server or a firewall may sometimes report the operating system of the
intermediate machine. Hence reports of 'Microsoft/IIS on Linux' may indicate
that either the web server is behind a Linux server that is acting as a
reverse proxy, or has configured the Akamai caching system such that the
first request to the site goes to one of Akamai's servers [which run Linux],
or as in the case of www.walmart.com has been configured to send a
misleading signature. |
|
| Back to top |
|
 | |
External
Since: Aug 23, 2003
Posts: 3146
|
(Msg. 2) Posted: Sat Feb 07, 2004 2:09 pm
Post subject: Re: Fake IIS header [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hello,
"HOW TO: Mask IIS Version Information from Network Trace and Telnet"
<a style='text-decoration: underline;' href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741" target="_blank">http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</a>
--
Regards,
Kristofer Gafvert - IIS MVP
Reply to newsgroup only. Remove NEWS if you must reply by email, but please
do not.
<a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">www.ilopia.com</a> - FAQ and Tutorials for Windows Server 2003
"Aaron" <kuya789.RemoveThis@yahoo.com> wrote in message
news:e2OZkEU7DHA.3304@tk2msftngp13.phx.gbl...
> There are certain attacks out there that are against IIS specifically, how
> can i change the header to something else like walmart.com did?
>
> Thanks,
>
> quote from netcraft.com faq
> ------------
> Why do you report impossible operating system/server combinations ?
>
>
> --------------------------------------------------------------------------
--
> ----
>
>
> Webservers that operate behind a caching system, load balancer, reverse
> proxy server or a firewall may sometimes report the operating system of
the
> intermediate machine. Hence reports of 'Microsoft/IIS on Linux' may
indicate
> that either the web server is behind a Linux server that is acting as a
> reverse proxy, or has configured the Akamai caching system such that the
> first request to the site goes to one of Akamai's servers [which run
Linux],
> or as in the case of <a style='text-decoration: underline;' href="http://www.walmart.com" target="_blank">www.walmart.com</a> has been configured to send a
> misleading signature.
>
><!-- ~MESSAGE_AFTER~ --> |
|
| Back to top |
|
| |
External
Since: Aug 22, 2003
Posts: 710
|
(Msg. 3) Posted: Sat Feb 07, 2004 4:38 pm
Post subject: Re: Fake IIS header [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Hi Aaron,
I just wanted to add that changing the server's version string won't "stop"
the automated viruses from trying to attack you. Linux Apache logs show
Code Red attempts all of the time. Bottom line is, you'll need more
security than changing the version string if you don't want to be hacked
--
--Jonathan Maltz [Microsoft MVP - Windows Server]
<a style='text-decoration: underline;' href="http://www.visualwin.com" target="_blank">http://www.visualwin.com</a> - A Windows Server 2003 visual, step-by-step
tutorial site 
<a style='text-decoration: underline;' href="http://vpc.visualwin.com" target="_blank">http://vpc.visualwin.com</a> - Does <insert OS name> work on VPC 2004? Find out
here
Only reply by newsgroup. I do not do technical support via email. Any
emails I have not authorized are deleted before I see them.
"Aaron" <kuya789.TakeThisOut@yahoo.com> wrote in message
news:e2OZkEU7DHA.3304@tk2msftngp13.phx.gbl...
> There are certain attacks out there that are against IIS specifically, how
> can i change the header to something else like walmart.com did?
>
> Thanks,
>
> quote from netcraft.com faq
> ------------
> Why do you report impossible operating system/server combinations ?
>
>
> --------------------------------------------------------------------------
--
> ----
>
>
> Webservers that operate behind a caching system, load balancer, reverse
> proxy server or a firewall may sometimes report the operating system of
the
> intermediate machine. Hence reports of 'Microsoft/IIS on Linux' may
indicate
> that either the web server is behind a Linux server that is acting as a
> reverse proxy, or has configured the Akamai caching system such that the
> first request to the site goes to one of Akamai's servers [which run
Linux],
> or as in the case of <a style='text-decoration: underline;' href="http://www.walmart.com" target="_blank">www.walmart.com</a> has been configured to send a
> misleading signature.
>
><!-- ~MESSAGE_AFTER~ --> >> Stay informed about: Fake IIS header |
|
| Back to top |
|
| |
External
Since: Feb 06, 2004
Posts: 9
|
(Msg. 4) Posted: Sat Feb 07, 2004 7:58 pm
Post subject: Re: Fake IIS header [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Can I mask the header simply by editing the registry, without installing
urlscan (less system resource used)?
"Kristofer Gafvert" <kgafvert.DeleteThis@NEWSilopia.com> wrote in message
news:%23GlW1JW7DHA.3704@tk2msftngp13.phx.gbl...
> Hello,
>
> "HOW TO: Mask IIS Version Information from Network Trace and Telnet"
<font color=purple> > <a style='text-decoration: underline;' href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font" target="_blank">http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font</a>>
>
> --
> Regards,
> Kristofer Gafvert - IIS MVP
> Reply to newsgroup only. Remove NEWS if you must reply by email, but
please
> do not.
> <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">www.ilopia.com</a> - FAQ and Tutorials for Windows Server 2003
>
>
> "Aaron" <kuya789.DeleteThis@yahoo.com> wrote in message
> news:e2OZkEU7DHA.3304@tk2msftngp13.phx.gbl...
> > There are certain attacks out there that are against IIS specifically,
how
> > can i change the header to something else like walmart.com did?
> >
> > Thanks,
> >
> > quote from netcraft.com faq
> > ------------
> > Why do you report impossible operating system/server combinations ?
> >
> >
>
> --------------------------------------------------------------------------
> --
> > ----
> >
> >
> > Webservers that operate behind a caching system, load balancer, reverse
> > proxy server or a firewall may sometimes report the operating system of
> the
> > intermediate machine. Hence reports of 'Microsoft/IIS on Linux' may
> indicate
> > that either the web server is behind a Linux server that is acting as a
> > reverse proxy, or has configured the Akamai caching system such that the
> > first request to the site goes to one of Akamai's servers [which run
> Linux],
> > or as in the case of <a style='text-decoration: underline;' href="http://www.walmart.com" target="_blank">www.walmart.com</a> has been configured to send a
> > misleading signature.
> >
> >
>
><!-- ~MESSAGE_AFTER~ --> >> Stay informed about: Fake IIS header |
|
| Back to top |
|
| |
External
Since: Aug 25, 2003
Posts: 2419
|
(Msg. 5) Posted: Sat Feb 07, 2004 8:12 pm
Post subject: Re: Fake IIS header [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
No, there is no registry switch to tell IIS to send another Server header.
If you are running IIS4/5/5.1, you should be running URLScan... the "system
resource" used is almost trivial in comparison to your applications --
URLScan is a trim 27KB DLL file and barely uses 1% of CPU under heavy load.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Aaron" <kuya789.RemoveThis@yahoo.com> wrote in message
news:OnPZIZd7DHA.2404@TK2MSFTNGP12.phx.gbl...
Can I mask the header simply by editing the registry, without installing
urlscan (less system resource used)?
"Kristofer Gafvert" <kgafvert.RemoveThis@NEWSilopia.com> wrote in message
news:%23GlW1JW7DHA.3704@tk2msftngp13.phx.gbl...
> Hello,
>
> "HOW TO: Mask IIS Version Information from Network Trace and Telnet"
<font color=purple> > <a style='text-decoration: underline;' href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font" target="_blank">http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font</a>>
>
> --
> Regards,
> Kristofer Gafvert - IIS MVP
> Reply to newsgroup only. Remove NEWS if you must reply by email, but
please
> do not.
> <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">www.ilopia.com</a> - FAQ and Tutorials for Windows Server 2003
>
>
> "Aaron" <kuya789.RemoveThis@yahoo.com> wrote in message
> news:e2OZkEU7DHA.3304@tk2msftngp13.phx.gbl...
> > There are certain attacks out there that are against IIS specifically,
how
> > can i change the header to something else like walmart.com did?
> >
> > Thanks,
> >
> > quote from netcraft.com faq
> > ------------
> > Why do you report impossible operating system/server combinations ?
> >
> >
>
> --------------------------------------------------------------------------
> --
> > ----
> >
> >
> > Webservers that operate behind a caching system, load balancer, reverse
> > proxy server or a firewall may sometimes report the operating system of
> the
> > intermediate machine. Hence reports of 'Microsoft/IIS on Linux' may
> indicate
> > that either the web server is behind a Linux server that is acting as a
> > reverse proxy, or has configured the Akamai caching system such that the
> > first request to the site goes to one of Akamai's servers [which run
> Linux],
> > or as in the case of <a style='text-decoration: underline;' href="http://www.walmart.com" target="_blank">www.walmart.com</a> has been configured to send a
> > misleading signature.
> >
> >
>
><!-- ~MESSAGE_AFTER~ --> >> Stay informed about: Fake IIS header |
|
| Back to top |
|
| |
External
Since: Feb 06, 2004
Posts: 9
|
(Msg. 6) Posted: Sat Feb 07, 2004 10:03 pm
Post subject: Re: Fake IIS header [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Im using windows server 2003 IIS 6. That's why i was asking if i can edit
the registry, since IIS 6 already has more of the features in UrlScan and
better.
is it possible with IIS6?
"David Wang [Msft]" <someone RemoveThis @online.microsoft.com> wrote in message
news:OnTUQDe7DHA.1816@TK2MSFTNGP12.phx.gbl...
> No, there is no registry switch to tell IIS to send another Server header.
>
> If you are running IIS4/5/5.1, you should be running URLScan... the
"system
> resource" used is almost trivial in comparison to your applications --
> URLScan is a trim 27KB DLL file and barely uses 1% of CPU under heavy
load.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Aaron" <kuya789 RemoveThis @yahoo.com> wrote in message
> news:OnPZIZd7DHA.2404@TK2MSFTNGP12.phx.gbl...
> Can I mask the header simply by editing the registry, without installing
> urlscan (less system resource used)?
>
> "Kristofer Gafvert" <kgafvert RemoveThis @NEWSilopia.com> wrote in message
> news:%23GlW1JW7DHA.3704@tk2msftngp13.phx.gbl...
> > Hello,
> >
> > "HOW TO: Mask IIS Version Information from Network Trace and Telnet"
<font color=green> > > <a style='text-decoration: underline;' href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font" target="_blank">http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font</a>>
> >
> > --
> > Regards,
> > Kristofer Gafvert - IIS MVP
> > Reply to newsgroup only. Remove NEWS if you must reply by email, but
> please
> > do not.
> > <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">www.ilopia.com</a> - FAQ and Tutorials for Windows Server 2003
> >
> >
> > "Aaron" <kuya789 RemoveThis @yahoo.com> wrote in message
> > news:e2OZkEU7DHA.3304@tk2msftngp13.phx.gbl...
> > > There are certain attacks out there that are against IIS specifically,
> how
> > > can i change the header to something else like walmart.com did?
> > >
> > > Thanks,
> > >
> > > quote from netcraft.com faq
> > > ------------
> > > Why do you report impossible operating system/server combinations ?
> > >
> > >
> >
>
> --------------------------------------------------------------------------
> > --
> > > ----
> > >
> > >
> > > Webservers that operate behind a caching system, load balancer,
reverse
> > > proxy server or a firewall may sometimes report the operating system
of
> > the
> > > intermediate machine. Hence reports of 'Microsoft/IIS on Linux' may
> > indicate
> > > that either the web server is behind a Linux server that is acting as
a
> > > reverse proxy, or has configured the Akamai caching system such that
the
> > > first request to the site goes to one of Akamai's servers [which run
> > Linux],
> > > or as in the case of <a style='text-decoration: underline;' href="http://www.walmart.com" target="_blank">www.walmart.com</a> has been configured to send a
> > > misleading signature.
> > >
> > >
> >
> >
>
>
>
><!-- ~MESSAGE_AFTER~ --> >> Stay informed about: Fake IIS header |
|
| Back to top |
|
| |
External
Since: Aug 25, 2003
Posts: 2419
|
(Msg. 7) Posted: Sat Feb 07, 2004 10:18 pm
Post subject: Re: Fake IIS header [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
No, there is no registry switch in IIS6. You can strip down URLScan to just
do the server header manipulation if that makes you feel better.
Server header isn't going to buy you anything in terms of security. Worms
and automated attacks are going to try all vulnerabilities, period,
regardless of Server header. TCP level packets also give away the
underlying OS regardless of what the Server header states, so at best,
changing server header does nothing but give you a warm fuzzy.
--
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Aaron" <kuya789.DeleteThis@yahoo.com> wrote in message
news:etcxJfe7DHA.2300@TK2MSFTNGP10.phx.gbl...
Im using windows server 2003 IIS 6. That's why i was asking if i can edit
the registry, since IIS 6 already has more of the features in UrlScan and
better.
is it possible with IIS6?
"David Wang [Msft]" <someone.DeleteThis@online.microsoft.com> wrote in message
news:OnTUQDe7DHA.1816@TK2MSFTNGP12.phx.gbl...
> No, there is no registry switch to tell IIS to send another Server header.
>
> If you are running IIS4/5/5.1, you should be running URLScan... the
"system
> resource" used is almost trivial in comparison to your applications --
> URLScan is a trim 27KB DLL file and barely uses 1% of CPU under heavy
load.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Aaron" <kuya789.DeleteThis@yahoo.com> wrote in message
> news:OnPZIZd7DHA.2404@TK2MSFTNGP12.phx.gbl...
> Can I mask the header simply by editing the registry, without installing
> urlscan (less system resource used)?
>
> "Kristofer Gafvert" <kgafvert.DeleteThis@NEWSilopia.com> wrote in message
> news:%23GlW1JW7DHA.3704@tk2msftngp13.phx.gbl...
> > Hello,
> >
> > "HOW TO: Mask IIS Version Information from Network Trace and Telnet"
<font color=green> > > <a style='text-decoration: underline;' href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font" target="_blank">http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font</a>>
> >
> > --
> > Regards,
> > Kristofer Gafvert - IIS MVP
> > Reply to newsgroup only. Remove NEWS if you must reply by email, but
> please
> > do not.
> > <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">www.ilopia.com</a> - FAQ and Tutorials for Windows Server 2003
> >
> >
> > "Aaron" <kuya789.DeleteThis@yahoo.com> wrote in message
> > news:e2OZkEU7DHA.3304@tk2msftngp13.phx.gbl...
> > > There are certain attacks out there that are against IIS specifically,
> how
> > > can i change the header to something else like walmart.com did?
> > >
> > > Thanks,
> > >
> > > quote from netcraft.com faq
> > > ------------
> > > Why do you report impossible operating system/server combinations ?
> > >
> > >
> >
>
> --------------------------------------------------------------------------
> > --
> > > ----
> > >
> > >
> > > Webservers that operate behind a caching system, load balancer,
reverse
> > > proxy server or a firewall may sometimes report the operating system
of
> > the
> > > intermediate machine. Hence reports of 'Microsoft/IIS on Linux' may
> > indicate
> > > that either the web server is behind a Linux server that is acting as
a
> > > reverse proxy, or has configured the Akamai caching system such that
the
> > > first request to the site goes to one of Akamai's servers [which run
> > Linux],
> > > or as in the case of <a style='text-decoration: underline;' href="http://www.walmart.com" target="_blank">www.walmart.com</a> has been configured to send a
> > > misleading signature.
> > >
> > >
> >
> >
>
>
>
><!-- ~MESSAGE_AFTER~ --> >> Stay informed about: Fake IIS header |
|
| Back to top |
|
| |
External
Since: Aug 23, 2003
Posts: 3146
|
(Msg. 8) Posted: Sun Feb 08, 2004 5:01 am
Post subject: Re: Fake IIS header [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
As far as i know, it is only possible with URLScan. But on the other hand, i
have never spent time trying to find another way to do it.
--
Regards,
Kristofer Gafvert - IIS MVP
Reply to newsgroup only. Remove NEWS if you must reply by email, but please
do not.
<a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">www.ilopia.com</a> - FAQ and Tutorials for Windows Server 2003
"Aaron" <kuya789.DeleteThis@yahoo.com> wrote in message
news:OnPZIZd7DHA.2404@TK2MSFTNGP12.phx.gbl...
> Can I mask the header simply by editing the registry, without installing
> urlscan (less system resource used)?
>
> "Kristofer Gafvert" <kgafvert.DeleteThis@NEWSilopia.com> wrote in message
> news:%23GlW1JW7DHA.3704@tk2msftngp13.phx.gbl...
> > Hello,
> >
> > "HOW TO: Mask IIS Version Information from Network Trace and Telnet"
<font color=green> > > <a style='text-decoration: underline;' href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font" target="_blank">http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317741</font</a>>
> >
> > --
> > Regards,
> > Kristofer Gafvert - IIS MVP
> > Reply to newsgroup only. Remove NEWS if you must reply by email, but
> please
> > do not.
> > <a style='text-decoration: underline;' href="http://www.ilopia.com" target="_blank">www.ilopia.com</a> - FAQ and Tutorials for Windows Server 2003
> >
> >
> > "Aaron" <kuya789.DeleteThis@yahoo.com> wrote in message
> > news:e2OZkEU7DHA.3304@tk2msftngp13.phx.gbl...
> > > There are certain attacks out there that are against IIS specifically,
> how
> > > can i change the header to something else like walmart.com did?
> > >
> > > Thanks,
> > >
> > > quote from netcraft.com faq
> > > ------------
> > > Why do you report impossible operating system/server combinations ?
> > >
> > >
> >
>
> --------------------------------------------------------------------------
> > --
> > > ----
> > >
> > >
> > > Webservers that operate behind a caching system, load balancer,
reverse
> > > proxy server or a firewall may sometimes report the operating system
of
> > the
> > > intermediate machine. Hence reports of 'Microsoft/IIS on Linux' may
> > indicate
> > > that either the web server is behind a Linux server that is acting as
a
> > > reverse proxy, or has configured the Akamai caching system such that
the
> > > first request to the site goes to one of Akamai's servers [which run
> > Linux],
> > > or as in the case of <a style='text-decoration: underline;' href="http://www.walmart.com" target="_blank">www.walmart.com</a> has been configured to send a
> > > misleading signature.
> > >
> > >
> >
> >
>
><!-- ~MESSAGE_AFTER~ --> >> Stay informed about: Fake IIS header |
|
| Back to top |
|
| |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Profile
Private Messages
Log in
