RE: Preventing OS Detection

From: Tiago Halm (thalm_at_netcabo.pt)
Date: 02/27/04

  • Next message: Derek Odiorne: "RE: Email Issues" 
    To: <security-basics@securityfocus.com>
Date: Fri, 27 Feb 2004 22:58:54 -0000

    Paul,

    To simply change the IIS Banner you can use IISBanner ("IIS Banner Changer")
    which is a open-source ISAPI that does exactly that.
    http://www.kodeit.org/products/iisbanner/default.htm

    If you need any kind of security over IIS, you can use IISShield
    ("Application Layer Firewall") which extends the filtering capabilities of
    MS URLScan.
    http://www.kodeit.org/products/iisshield/default.htm

    As for OS detection, you can always try to "play" with the registry settings
    at:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    A useful KB 120642 - TCP/IP and NBT Configuration Parameters for Windows
    2000 or Windows NT - may help you viewing what each of the entries mean.
    http://support.microsoft.com/support/kb/articles/Q120/6/42.asp

    Hope it helps,
    Tiago Halm
    http://www.kodeit.org

    -----Original Message-----
    From: Paul Kurczaba [mailto:paul@myipis.com]
    Sent: Friday, February 20, 2004 17:30
    To: security-basics@securityfocus.com
    Subject: Preventing OS Detection

    If I go to http://uptime.netcraft.com and enter my website, Netcraft will
    display my web servers OS, determined from the TCP/IP packet. Is there a way
    in the windows registry to prevent Netcraft (or anyone else) from
    identifying my OS? On the page http://www.webhostgear.com/36,1.html in
    paragraph titled "Netcraft is Watching", it briefly describes that registry
    changes can be made. Can someone please give me some specific registry
    changes to prevent others from identifying my web servers OS?

    Thanks,
    Paul Kurczaba

    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.

    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.

    Download 30-day evaluation at:
    http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Derek Odiorne: "RE: Email Issues"

    Relevant Pages

    • RE: Preventing OS Detection
      ... If I go to http://uptime.netcraft.com and enter my website, ... in the windows registry to prevent Netcraft from ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • RE: Preventing OS Detection
      ... Since you mentioned "registry changes" I am assuming you are talking about ... You can easily hide the "server" info on a IIS system by ... But this only masks it for the type of request Netcraft is doing, ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Security-Basics)
    • RE: Preventing OS Detection
      ... If I go to http://uptime.netcraft.com and enter my website, ... in the windows registry to prevent Netcraft from ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • Preventing OS Detection
      ... If I go to http://uptime.netcraft.com and enter my website, ... display my web servers OS, ... it briefly describes that registry ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Focus-Microsoft)
    • Preventing OS Detection
      ... If I go to http://uptime.netcraft.com and enter my website, ... display my web servers OS, ... it briefly describes that registry ... Astaro Security Linux -- firewall with Spam/Virus Protection ...
      (Security-Basics)