RE: NT/IIS decoy
From: Lampe, John W. (JWLAMPE@GAPAC.com)Date: 12/10/01
- Previous message: Robert Hobart: "Re: NT/IIS decoy"
- Maybe in reply to: Lambott@aol.com: "NT/IIS decoy"
- Next in thread: abuse: "RE: NT/IIS decoy"
- Next in thread: Lambott@aol.com: "Re: NT/IIS decoy"
- Reply: abuse: "RE: NT/IIS decoy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Lampe, John W." <JWLAMPE@GAPAC.com> To: 'John Redd' <reddjohn@yahoo.com>, lambott@aol.com Date: Mon, 10 Dec 2001 13:09:04 -0500
on win2k machines you'll also need to disable WFP after hex-editing the w3svc.dll. On apache (at least the *nix versions), you can just edit the httpd.h file to change your banners (prior to compilation).
John
-----Original Message-----
From: John Redd [mailto:reddjohn@yahoo.com]
Sent: Saturday, December 08, 2001 11:18 PM
To: lambott@aol.com
Cc: focus-ms@securityfocus.com
Subject: Re: NT/IIS decoy
Two options:
1) Use a hex editor (UltraEdit) and manually edit the
w3svc.dll replacing any reference of Microsoft-IIS/5.0
(or Microsoft-IIS/4.0)
2) Felipe Moniz has created banner editors for apache,
IIS, M$ FTP and M$ SMTP and can be downloaded at
http://www.nstalker.com/banners.php
Regards,
John
>Does anyone know how to hide or mask the identity of
>a IIS 4.0 or 5.0
>server such that if a "GET" command is issued
>following a telnet to the
>server on port 80, the server will display a
>different server type so
>as to hide it's true identity.
__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com
- Previous message: Robert Hobart: "Re: NT/IIS decoy"
- Maybe in reply to: Lambott@aol.com: "NT/IIS decoy"
- Next in thread: abuse: "RE: NT/IIS decoy"
- Next in thread: Lambott@aol.com: "Re: NT/IIS decoy"
- Reply: abuse: "RE: NT/IIS decoy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
