Re: IIS 6 Header and Banner information
From: _M_ (here_at_gone.com)
Date: 05/03/04
- Next message: Sn: "Event id 7031"
- Previous message: Veets: "SSL Question"
- In reply to: Ken Schaefer: "Re: IIS 6 Header and Banner information"
- Next in thread: Karl Levinson [x y] mvp: "Re: IIS 6 Header and Banner information"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 3 May 2004 09:27:51 -0400
I used Qualys (www.Qualys.com) to do a vulnerability check. This check will
check for all known vulnerabilities. It was able to tell the real server
name and internal IP address from the banner information that it was given.
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:urHIUtzLEHA.1644@TK2MSFTNGP09.phx.gbl...
> You will need to tell us:
> a) what security audit you ran
> b) brief details of your internal configuration
> c) how the tool determined your configuration from the information you're
> giving out.
>
> Something like the HTTP Server: header only contains
>
> Server: Microsoft-IIS/6.0
>
> That's it. From that information alone, it is impossible to determine
> internal IP addresses, or hostnames
>
> Cheers
> Ken
>
>
> "_M_" <here@gone.com> wrote in message
> news:OoKupatLEHA.1156@TK2MSFTNGP09.phx.gbl...
> : How do you set the header and banner information returned by IIS 6's
> : services (FTP,
> : HTTP, SMTP, etc.) ???
> :
> : I ran an external Security Audit scanner and it was able to tell in
> internal
> : host name and IP address as well as more.
> :
> : TIA
> :
> :
>
>
- Next message: Sn: "Event id 7031"
- Previous message: Veets: "SSL Question"
- In reply to: Ken Schaefer: "Re: IIS 6 Header and Banner information"
- Next in thread: Karl Levinson [x y] mvp: "Re: IIS 6 Header and Banner information"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
