Re: Preventing OS Detection

From: Tony Moran (focus-ms_at_Ayahuasca.NET)
Date: 02/24/04

Next message: Ansar Mohammed: "Re: Preventing OS Detection"

Previous message: Infosecnyc: "FW: Preventing OS Detection"
In reply to: Paul Kurczaba: "Preventing OS Detection"
Next in thread: Thompson, Jimi: "RE: Preventing OS Detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 24 Feb 2004 17:05:46 +0000 (GMT)
To: focus-ms@securityfocus.com

I thought Netcraft just took the OS as a result of snarfing the HTTP
banner when it connects to port 80. So all you should have to do is
change the Web Server that is reported by IIS. If you don't do this
then theres no point changing any IP/TCP parameters. In IIS I
believe you have to change the banner string in W3SVC.DLL
This is how www.hotmail.com still gets away with, in reality, running
BSD, a real OS, while keeping the MS marketeers happy. :)

You can use a tool like this to make the change.

http://www.snapfiles.com/get/iisbanner.html

Tony

On Fri, 20 Feb 2004, Paul Kurczaba wrote:

> Is there a way
> in the windows registry to prevent Netcraft (or anyone else) from
> identifying my OS?

- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
| PLEASE NOTE if you intend to sign me up for any mailshots or e-postcards |
| or on any websites that require my e-mail address, instead please use the|
| the address MAILBAG AT ayahuasca.net. |
| This is to help manage the ineviteable SPAM that these sites end up gen- |
| erating. If you are in any doubt as to the integrity or purpose of a web |
| site service, please do not sign me up for inclusion or mails at all. |
| PGP Public Key : http://www.ayahuasca.net/Tony_Moran@Ayahuasca.net.asc |
| Key fingerprint = 9FA8 F5FD A1D1 C473 2ECB EF94 89E3 5C54 FBDD 2BC0 |
- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| "The most important kind of freedom is to be what you really are. |
| You trade in your reality for a role. You trade in your sense for an |
| act. You give up your ability to feel, and in exchange, put on a mask. |
| There can't be any large-scale revolution until there's a personal |
| revolution, on an individual level. It's got to happen inside first." |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Ansar Mohammed: "Re: Preventing OS Detection"

Previous message: Infosecnyc: "FW: Preventing OS Detection"
In reply to: Paul Kurczaba: "Preventing OS Detection"
Next in thread: Thompson, Jimi: "RE: Preventing OS Detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Framed web site
... was what is called in the trade as a PEBCAK (Problem Exists Between Chair ... With regards to using frames, like I have said without using Java script I ... see no way of keeping the top banner and side banner in view at all times for ...
(microsoft.public.frontpage.client)
RE: avoiding detection by netcraft site
... Netcraft works by parsing out the signatures supplied by ... If you don't want them to recognize your OS/Server, ... into removing or modifying how your web server displays it's banner. ...
(Security-Basics)