RE: Re: Hiding Versions

From: Khalil.Haddad@ubs.com
Date: 07/09/01


From: Khalil.Haddad@ubs.com
Date: Mon, 9 Jul 2001 10:07:26 +0200
To: freebsd-security@FreeBSD.ORG

thx all for your answers.

I read in the Apache docs that ServerTokens could do the trick
(hiding the Apache version); for example, I often see: Apache v1.3.x, the x
hiding the version.

Unfortunately, I could make this to work, it always outputs the same
string.
Anyone has a successful experience?

Thank you

Khalil

-----Original Message-----
From: roam [mailto:roam@orbitel.bg]
Sent: 06 July 2001 17:15
To: Haddad, Khalil
Cc: roam; freebsd-security
Subject: Re: Hiding Versions

On Fri, Jul 06, 2001 at 05:02:17PM +0200, Khalil.Haddad@ubs.com wrote:
> Hello all,
>
> After visiting this web site : www.netcraft.com, I discovered that it
> is possible to trace version changes of OS, apache or php.
>
> Example :
> FreeBSD Apache/1.3.9 (Unix) mod_perl/1.20 4-Dec-2000 195.92.95.5 Netcraft
> unknown Apache/1.3.9 (Unix) mod_perl/1.20 3-Dec-2000 195.92.95.5 Netcraft
> FreeBSD Apache/1.3.9 (Unix) mod_perl/1.20 19-Nov-2000 195.92.95.5 Planet Online
> unknown Apache/1.3.9 (Unix) mod_perl/1.20 18-Nov-2000 195.92.95.5 Planet Online
> FreeBSD Apache/1.3.9 (Unix) mod_perl/1.20 14-Nov-2000 195.92.95.5 Planet Online
> FreeBSD Apache/1.3.9 (Unix) mod_perl/1.20 15-Sep-1999 195.188.192.5 Netcraft Ltd
> FreeBSD Apache/1.3.6 (Unix) mod_perl/1.20 2-Jul-1999 195.188.192.5 Netcraft Ltd
> FreeBSD Apache/1.3.6 (Unix) mod_perl/1.18 9-Jun-1999 195.188.192.5 Netcraft Ltd
> FreeBSD Apache/1.3.4 (Unix) mod_perl/1.18 26-May-1999 195.188.192.5 Netcraft Ltd
>
> I wanted to know how this was possible, if FreeBSD stores version
> history somewhere. What should I do to secure this and how, because
> knowing that anyone can get the history of version changes on your
> system doesn't make you feel secure...

They can only track history in the sense of storing information obtained
by somebody performing a query on the given date. This list just means
that somebody has done those queries on May 26, 1999, June 9, 1999 etc,
and the Netcraft database has stored the results.

If nobody has been interested in *your* server, Netcraft would not
have any information stored about it. It is the Netcraft database,
not your OS, that keeps history.

> By the way, the output for my server gives me Apache/1.3.19 but I have
> upgraded to 1.3.20 recently, why hasn't this been taken in
> consideration? (I used ports to upgrade)

Maybe no one has performed a Netcraft query for your server since
you upgraded.

G'luck,
Peter

-- 
I am the meaning of this sentence.
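
Added example, not part of the original thread: a small Python model of what the `Server` header discloses under each Apache 1.3 `ServerTokens` level (Prod, Min, OS, Full), and how many version changes an outside survey would record from the banners in the quoted listing. The function names and the `HISTORY` list are illustrative; the banner strings are copied from the listing above.

```python
import re

# Server header layout: product[/version] [(os)] [module/version ...]
BANNER = re.compile(r"^(?P<product>[^/\s]+)(?:/(?P<version>\S+))?"
                    r"(?:\s+\((?P<os>[^)]*)\))?(?:\s+(?P<modules>.+))?$")
LEVELS = ("Prod", "Min", "OS", "Full")  # least to most revealing

def parse_banner(banner):
    m = BANNER.match(banner.strip())
    if m is None:
        raise ValueError("unrecognised Server header: %r" % banner)
    parts = m.groupdict()
    parts["modules"] = (parts["modules"] or "").split()
    return parts

def render(banner, level):
    """Header the same build would send under the given ServerTokens level."""
    if level not in LEVELS:
        raise ValueError("unknown ServerTokens level: %r" % level)
    p = parse_banner(banner)
    out = p["product"]
    if level != "Prod" and p["version"]:
        out += "/" + p["version"]
    if level in ("OS", "Full") and p["os"]:
        out += " (%s)" % p["os"]
    if level == "Full":
        out = " ".join([out] + p["modules"])
    return out

def recorded_changes(history, level):
    """Changes an outside survey would log if every probe saw `level` output."""
    seen = [render(b, level) for b in history]
    return [(old, new) for old, new in zip(seen, seen[1:]) if old != new]

# Distinct banners from the listing quoted in the thread, oldest first.
HISTORY = [
    "Apache/1.3.4 (Unix) mod_perl/1.18",
    "Apache/1.3.6 (Unix) mod_perl/1.18",
    "Apache/1.3.6 (Unix) mod_perl/1.20",
    "Apache/1.3.9 (Unix) mod_perl/1.20",
]

if __name__ == "__main__":
    for level in LEVELS:
        print("ServerTokens %-4s -> %-34s %d change(s) visible" % (
            level, render(HISTORY[-1], level),
            len(recorded_changes(HISTORY, level))))
```

The directive is set in the server configuration file; a changed value only shows up in the header once the server has been restarted with the new configuration.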