Re: hiding IIS 6.0 signatures



Hiding an "IIS" signature is merely "security through obscurity".

An exploit that compromises IIS will work regardless of whether your server exhibits IIS behaviour or not.

And frameworks like Metasploit mean that an attacker can hurl thousands of automated exploits at your server, disregarding what it is (or attempts to disguise it) in a few seconds. Obscurity = good. But it's not real security.

Cheers
Ken

"tony" <tony@xxxxxxx> wrote in message news:%23Wh1D8zVIHA.4740@xxxxxxxxxxxxxxxxxxxxxxx
We currently have Linux proxies in front of IIS. I want to remove the proxies and expose the IIS servers.

Any downside or comments on this setup?

"Bernard Cheah [MVP]" <qbernard@xxxxxxxxxxxxxxxxxxx> wrote in message news:u7$KXtzVIHA.536@xxxxxxxxxxxxxxxxxxxxxxx
You can try URLScan from ms.com.
Hiding the banner won't protect the server from being attacked.

So make sure the box is patched, and you have a proper firewall etc. in place.

--
Regards,
Bernard Cheah
http://www.iis.net/
http://msmvps.com/blogs/bernard/


"tony" <tony@xxxxxxx> wrote in message news:OPs5VJzVIHA.5508@xxxxxxxxxxxxxxxxxxxxxxx
How do I hide IIS 6 signatures from a scan or Netcraft?





