RE: Preventing OS Detection

From: dave kleiman (dave_at_isecureu.com)
Date: 02/21/04

  • Next message: Josh Mills: "RE: How to find a changing IP on ethernet network" 
    To: <security-basics@securityfocus.com>
Date: Fri, 20 Feb 2004 18:38:50 -0500

    Paul,

    Since you mentioned "registry changes" I am assuming you are talking about
    an Windows OS. You can easily hide the "server" info on a IIS system by
    removing the server header. I imagine since you seemed concerned with
    security you are using UrlScan, in the urlscan.ini file change
    RemoveServerHeader to =1 instead of =0.

    But this only masks it for the type of request Netcraft is doing, it will
    not stop a portscan or things of that nature from identifying your OS.

     
    _____________________________________
    Dave Kleiman, CISSP, CISM, CIFI, MCSE
    www.SecurityBreachResponse.com

    "If Wile E. Coyote had enough money to buy all that Acme crap, why didn't he
    just buy dinner?" S.W.
     

    -----Original Message-----
    From: Paul Kurczaba [mailto:paul@myipis.com]
    Sent: Friday, February 20, 2004 17:30
    To: security-basics@securityfocus.com
    Subject: Preventing OS Detection

    If I go to http://uptime.netcraft.com and enter my website, Netcraft will
    display my web servers OS, determined from the TCP/IP packet. Is there a way
    in the windows registry to prevent Netcraft (or anyone else) from
    identifying my OS? On the page http://www.webhostgear.com/36,1.html in
    paragraph titled "Netcraft is Watching", it briefly describes that registry
    changes can be made. Can someone please give me some specific registry
    changes to prevent others from identifying my web servers OS?

    Thanks,
    Paul Kurczaba

    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.

    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.

    Download 30-day evaluation at:
    http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
    ----------------------------------------------------------------------------

  • Next message: Josh Mills: "RE: How to find a changing IP on ethernet network"

    Relevant Pages

    • Securing the Registry.
      ... web server, the best resource of all was probably Improving Web Application ... Security - Threats and Countermeasures, an absoloute bible for all ye web ... The registry is the repository for many vital server configuration settings. ...
      (microsoft.public.windows.server.security)
    • Securing the Registry.
      ... web server, the best resource of all was probably Improving Web Application ... Security - Threats and Countermeasures, an absoloute bible for all ye web ... The registry is the repository for many vital server configuration settings. ...
      (microsoft.public.security)
    • Securing the Registry.
      ... web server, the best resource of all was probably Improving Web Application ... Security - Threats and Countermeasures, an absoloute bible for all ye web ... The registry is the repository for many vital server configuration settings. ...
      (microsoft.public.inetserver.iis.security)
    • Securing the Registry.
      ... web server, the best resource of all was probably Improving Web Application ... Security - Threats and Countermeasures, an absoloute bible for all ye web ... The registry is the repository for many vital server configuration settings. ...
      (microsoft.public.win2000.security)
    • RE: Preventing OS Detection
      ... If I go to http://uptime.netcraft.com and enter my website, ... in the windows registry to prevent Netcraft from ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)