RE: easy remote detection of a running tripwire for webpages system

From: Bennett Samowich (brs@ben-tech.com)
Date: 08/29/01 

From: "Bennett Samowich" <brs@ben-tech.com>
To: <bugtraq@securityfocus.com>
Subject: RE: easy remote detection of a running tripwire for webpages system
Date: Wed, 29 Aug 2001 08:47:09 -0400
Message-ID: <NDBBLLLFMLABCIHGKMMGIELKEBAA.brs@ben-tech.com>

This can be avoided by setting the "ServerSignature" directive to "Off" in
the Apache configuration. Once turned off Apache will only send the line
"Server: Apache". This should be done anyways as an attacker can always use
version information gathered from reconnaissance to develop an attack plan.

See the following link for more information on this directive:
http://httpd.apache.org/docs/mod/core.html#serversignature

Unfortunately I can't say for sure how to accomplish the same in other web
servers but I have to imagine that there is a way... or at least there
should be.

Cheers,
- Bennett

> -----Original Message-----
> Hi all,
>
> when i played arround with tripwire for webpages, i noticed
> that it is very easy to detect if this tool is running on a remote
> machine. just type :
>
> telnet <remote-host> 80
> HEAD / HTTP/1.0
>
> The Output looks as follows :
>
> HTTP/1.1 200 OK
> Date: Tue, 28 Aug 2001 15:41:33 GMT
> Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6 Intrusion/1.0.3
> Last-Modified: Fri, 13 Jul 2001 11:32:48 GMT
> ETag: "c7a3-6f-3b4edc60"
> Accept-Ranges: bytes
> Content-Length: 111
> Connection: close
> Content-Type: text/html
>
>
> The text 'Intrusion/1.0.3' in the 'Server:' line tells me that
> Tripwire for
> Webpages 1.0.3 is running.
...snip...

Relevant Pages

  • Re: easy remote detection of a running tripwire for webpages system
    ... easy remote detection of a running tripwire for webpages system ... This capability is controlled by the ServerTokens directive in apache. ... You can turn off the overly informative server line using this directive: ...
    (Bugtraq)
  • BlueFish, localhost, Apache2, PHP
    ... I can modify the HTML and then use the External Browser ... However if I try to do the same with PHP files, ... does anyone use BlueFish to look at their files while running Apache? ... the webpages I work on in a directory called Webpages under ...
    (alt.os.linux.suse)
  • Re: reducing size of apache instances
    ... and mod_include (allows include statements in html files). ... mod_userdir is only needed if you are allowing users to have webpages ... I assume that some are critical to the basic operation of Apache. ... safely turn off? ...
    (freebsd-questions)
  • Re: Apache configuration
    ... Tasos Bazotis wrote: ... > Webpages aren't loaded correctly on apache. ... How should I modify the httpd.conf file? ...
    (Debian-User)
  • Apache in testing - ServerTokens Prod
    ... On some host (debian testing), I am running Apache and tried to add ... ServerSignature Off ... Even after issuing /etc/init.d/apache2 restart does it not work. ...
    (Debian-User)