RE: NT/IIS decoy

From: Lampe, John W. (JWLAMPE@GAPAC.com)
Date: 12/10/01


From: "Lampe, John W." <JWLAMPE@GAPAC.com>
To: 'John Redd' <reddjohn@yahoo.com>, lambott@aol.com
Date: Mon, 10 Dec 2001 13:09:04 -0500

on win2k machines you'll also need to disable WFP after hex-editing the w3svc.dll. On apache (at least the *nix versions), you can just edit the httpd.h file to change your banners (prior to compilation).

John

-----Original Message-----
From: John Redd [mailto:reddjohn@yahoo.com]
Sent: Saturday, December 08, 2001 11:18 PM
To: lambott@aol.com
Cc: focus-ms@securityfocus.com
Subject: Re: NT/IIS decoy

Two options:

1) Use a hex editor (UltraEdit) and manually edit the
w3svc.dll replacing any reference of Microsoft-IIS/5.0
(or Microsoft-IIS/4.0)

2) Felipe Moniz has created banner editors for apache,
IIS, M$ FTP and M$ SMTP and can be downloaded at
http://www.nstalker.com/banners.php

Regards,

John

>Does anyone know how to hide or mask the identity of
>a IIS 4.0 or 5.0
>server such that if a "GET" command is issued
>following a telnet to the
>server on port 80, the server will display a
>different server type so
>as to hide it's true identity.

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com



Relevant Pages

  • Re: IIS ADMIN
    ... >> You don't have to give away the keys to the kingdom to administer IIS. ... You may need to modify ... The developer is making com components on the server. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Hacker "scanned" my webserver
    ... I now have the server ... Without some kind of hex editor for the disk, ... >IIS security newsgroup where the gurus hang out. ...
    (microsoft.public.win2000.security)
  • Re: Problems creating a Virtual Directory in SBS 2k3
    ... I am no expert in IIS so please be ... gentle with me... ... > the server because there is already enough going on in that site. ...
    (microsoft.public.windows.server.sbs)
  • Re: windows update causes ASP .NET problems
    ... Thanks, John, but I forgot to mention in my post that ASP pages on the same server are accessible and run correctly. ... that suggests that IIS either isn't ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: NT/IIS decoy
    ... Use a hex editor and manually edit the ... Felipe Moniz has created banner editors for apache, ... IIS, M$ FTP and M$ SMTP and can be downloaded at ... >server such that if a "GET" command is issued ...
    (Focus-Microsoft)