Re: Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_ssl/2.8.5 OpenSSL/0.9.6 DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01
From: Jim Zajkowski (jim@jimz.net)
Date: 01/28/02
Date: Mon, 28 Jan 2002 13:33:49 -0500
From: Jim Zajkowski <jim@jimz.net>
To: security-basics@securityfocus.com
On Fri, Jan 25, 2002 at 06:43:23PM -0000, Don Balunos wrote:
> Can anyone help me how to configure Apache web
> server to return bogus versions, so that it makes the
> cracker job more difficult.
The reality is that changing your version string isn't going to make
anyone's job more difficult.
First, most script kiddies use automated cracking tools that don't even
bother looking at the version string; they just blast away.
Second, the annoying IIS worms (e.g., CodeRed) didn't care either.
Third, serious attackers won't trust what the system says, anyway.
--Jim
-- Jim Zajkowski System Administrator http://www.jimz.net/pgp-pubkey.asc ITCS Contract Services 8A9E 1DDF 944D 83C3 AEAB 8F74 8697 A823 2113 5C53
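
Added example, not part of the original message: a small Python parser that splits the Server banner from this thread's subject line into product tokens and comments, so an administrator can inventory which component versions a banner discloses. The function names are hypothetical, and the token pattern assumes the usual HTTP `product/version (comment)` layout.

```python
import re

# Banner copied from the subject line of this thread.
BANNER = ("Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_ssl/2.8.5 "
          "OpenSSL/0.9.6 DAV/1.0.2 PHP/4.0.4pl1 mod_perl/1.24_01")

# One banner element is either a parenthesised comment or a
# product token with an optional "/version" suffix.
_ELEMENT = re.compile(
    r"\((?P<comment>[^()]*)\)"
    r"|(?P<product>[^\s/()]+)(?:/(?P<version>[^\s()]+))?"
)


def parse_banner(banner):
    """Return (products, comments).

    products is a list of (name, version-or-None) in banner order;
    comments is a list of the parenthesised strings.
    """
    products, comments = [], []
    for match in _ELEMENT.finditer(banner):
        if match.group("comment") is not None:
            comments.append(match.group("comment"))
        else:
            products.append((match.group("product"), match.group("version")))
    return products, comments


def disclosed_versions(banner):
    """Map each product that carries a version to that version string."""
    products, _ = parse_banner(banner)
    return {name: version for name, version in products if version}


def audit(banner):
    """List every item in the banner that reveals a version or platform."""
    products, comments = parse_banner(banner)
    findings = [f"{name} discloses version {version}"
                for name, version in products if version]
    findings += [f"platform comment: {text}" for text in comments]
    return findings


if __name__ == "__main__":
    for line in audit(BANNER):
        print(line)
```
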