Re: How do I alter returned iis name
From: Alun Jones (alun@texis.com)
Date: 08/30/02
- Next message: BB: "Re: FRONT PAGE EXTENSIONS"
- Previous message: Eric Chamberlain: "Re: Can I Use basic or integrated authentication agains an external Kerberos KDC?"
- In reply to: Don Grover: "Re: How do I alter returned iis name"
- Next in thread: Paul Lynch: "Re: How do I alter returned iis name"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: alun@texis.com (Alun Jones) Date: Fri, 30 Aug 2002 01:21:48 GMT
In article <#1ADSj7TCHA.1936@tkmsftngp10>, "Don Grover"
<dgrover@assoft.com.au> wrote:
>After having run a number of security type apps, I notice that the server
>Brand and Type is returned from those applications.
>I would like to return a different Server name?.
>I have checked Technet and MSDN and can't find any reference to doing that.
>I know if I query Server variables It returns back 'Microsoft-IIS/5.0' How
>can I alter that retunred string.
Have you seen any attacks that check for this string? I've run a few
'exposed' servers (deliberately, to see what kind of attacks are going round),
and without exception, the attacks that I see aren't targetted at my kind of
server. That makes sense, because it takes the attacker longer (and more time
and effort to code) to query your server type and check it against a database
than it does to just send the attack, knowing that it'll succeed only on those
servers that are susceptible to that attack.
It really won't get you any extra security to change the server type that's
returned, and it may cause client code to not use features of the server that
would be beneficial. Sounds like a draw and a loss, when what you were hoping
for was at least one win.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
-- Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at 1602 Harvest Moon Place | http://www.wftpd.com or email alun@texis.com Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.
- Next message: BB: "Re: FRONT PAGE EXTENSIONS"
- Previous message: Eric Chamberlain: "Re: Can I Use basic or integrated authentication agains an external Kerberos KDC?"
- In reply to: Don Grover: "Re: How do I alter returned iis name"
- Next in thread: Paul Lynch: "Re: How do I alter returned iis name"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
