Re: Preventing OS Detection
From: Ansar Mohammed (ansarm_at_vistapark.org)
Date: 02/24/04
- Previous message: Tony Moran: "Re: Preventing OS Detection"
- In reply to: Hernan Marcelo Racciatti: "RE: Preventing OS Detection"
- Next in thread: Jimmy Sansi: "RE: Preventing OS Detection"
Date: Tue, 24 Feb 2004 13:22:34 -0400
To: Hernan Marcelo Racciatti <hracciatti@hotmail.com>
One of the techniques that Netcraft uses is the OPTIONS HTTP method to
determine your web server type.
You can simulate this by telnetting to port 80 on any web server and typing

OPTIONS * HTTP/1.1
Host: insert_your_webserver_name_here
<enter>
<enter>

You can prevent IIS from returning this info by using URLScan or any
other ISAPI-based IIS application firewall.
They determine your uptime by using features described in RFC 1323, a
method similar to nmap. Specifically TCP timestamping.
You can disable this feature by using the following kbase article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;224829
have joy...
Ansar.
will hack for food.
Hernan Marcelo Racciatti wrote:
>> If I go to http://uptime.netcraft.com and enter my website, Netcraft will
>> display my web server's OS, determined from the TCP/IP packet. Is there a way
>> in the Windows registry to prevent Netcraft (or anyone else) from
>> identifying my OS? On the page http://www.webhostgear.com/36,1.html in the
>> paragraph titled "Netcraft is Watching", it briefly describes that registry
>> changes can be made. Can someone please give me some specific registry
>> changes to prevent others from identifying my web server's OS?
>
>
> Hi,
>
> Mmmm.. I think .. a firewall is the best option. Edit the metabase to change
> the banners in the SMTP and HTTP services (in some cases URLScan and some
> changes in the metabase do a good job too). With respect to TCP/IP settings,
> all of the TCP/IP parameters are registry values located under the
> registry key:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
>
> RWIN, MSS
> ---------------
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
> (GlobalMaxTcpWindowSize, TcpWindowSize, Tcp1323Opts)
>
> MTU
> ------
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
> (MTU)
>
> TTL
> -----
> HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
> (DefaultTTL)
>
>
> Note: I recommend testing this on a NON-PRODUCTION server. Altering these
> settings will affect your server's performance in diverse ways. Please
> take care! In most cases one value setting is a multiple of another
> value... mmm, TCP/IP knowledge is very important for making these settings
> work.
>
> Some links:
>
> http://secinf.net/info/nt/2000ip/tcpipimp.html
> http://www.speedguide.net/read_articles.php?id=157
> http://www.seoconsultants.com/articles/1000/security.asp
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.asp
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/urlscan.asp
>
> http://www.petri.co.il/change_the_smtp_banner.htm
>
> Good luck!
>
> Hernán Marcelo Racciatti
>
> [mailto:hracciatti@hotmail.com]
> [http://www.hernanracciatti.com.ar]
>
>
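
Added example, not part of the original messages: a Python sketch of the OPTIONS check described in the reply above, for confirming on a server you administer that URLScan or a similar filter has removed the identifying headers. The header list, the function names and both sample responses are constructed for illustration.

```python
import socket

# Response headers that commonly reveal server software or enabled methods
# (list chosen for this example, not taken from the thread).
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version",
              "public", "allow", "dav", "ms-author-via")

def build_options_request(host):
    """The request the message types into telnet, as bytes."""
    return ("OPTIONS * HTTP/1.1\r\nHost: %s\r\n"
            "Connection: close\r\n\r\n" % host).encode("ascii")

def parse_head(raw):
    """Return (status_line, {lowercased header name: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # skip malformed header lines
        key, val = name.strip().lower(), value.strip()
        # Repeated headers are folded into one comma-separated value.
        headers[key] = headers[key] + ", " + val if key in headers else val
    return lines[0], headers

def disclosures(raw):
    """List (header, value) pairs that identify the server."""
    _, headers = parse_head(raw)
    return [(name, headers[name]) for name in DISCLOSING if name in headers]

def probe(host, port=80, timeout=5.0):
    """Send the request to a server you administer; return its disclosures."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_options_request(host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return disclosures(b"".join(chunks))

# Constructed sample responses (not captured from a real server).
SAMPLE_DEFAULT = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
                  b"Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
                  b"Content-Length: 0\r\n\r\n")
SAMPLE_FILTERED = (b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n"
                   b"Connection: close\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("default", SAMPLE_DEFAULT), ("filtered", SAMPLE_FILTERED)):
        print(label, disclosures(raw))
```

An empty list from disclosures() means none of the listed headers came back; it says nothing about TCP/IP-level fingerprinting, which the registry settings in the thread address.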