Date: Wed, 11 Jul 2001 16:14:05 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Peter Kok <cckok00@hotmail.com>
Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: security: scan my server
Message-ID: <20010711161405.C90157@xor.obsecurity.org>
In-Reply-To: <3B4BAA48.9C955F1A@hotmail.com>; from cckok00@hotmail.com on Tue, Jul 10, 2001 at 09:22:16PM -0400
References: <3B4BAA48.9C955F1A@hotmail.com>

On Tue, Jul 10, 2001 at 09:22:16PM -0400, Peter Kok wrote:
> That mean it is not security!
>
> How do I avoid its scan? and
> How do they can know which OS of the server?

The short answer is that your web server reports the OS type upon request.

The longer answer is that even if you stop the web server from doing this, it won't matter, because anyone can tell what OS it's running anyway using other methods -- this is true no matter which OS you run, and there's nothing you can do about it. The reasons are technical, but basically every different OS on the net behaves slightly differently when sending and receiving traffic, and if you know what to look for you can identify it by looking for these differences. It's a completely automated process and there are several tools which can probe any desired system like this (the most complete and popular being nmap, available in the ports collection).

There's nothing you can do about this short of making sure your system does not respond to any packets received from the internet, i.e. closing off all external services and placing your system behind a restrictive firewall. If you want to offer services to the world, like a http server, you have to live with this fact and make sure that your system is secure enough that knowing the OS doesn't help attackers. This is something you have to do anyway, because even if they couldn't tell what OS you're running, they could guess and proceed from there with various possible attacks.

Kris
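
The reply's first point, that the web server reports the OS type on request, can be checked against your own server's response headers. The following is an added example, not part of the original message: the sample response is constructed, and the function names are illustrative.

```python
import re

# Constructed sample response (not from the original message).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Wed, 11 Jul 2001 23:14:05 GMT\r\n"
    b"Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)

TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# A banner is a sequence of product[/version] tokens and (comments).
BANNER_PART = re.compile(r"\(([^()]*)\)|(" + TOKEN + r")(?:/(" + TOKEN + r"))?")
BANNER_HEADERS = ("server", "x-powered-by")


def parse_headers(raw: bytes) -> dict:
    """Return {lowercased name: [values]} from a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def banner_disclosures(raw: bytes) -> dict:
    """List what the banner headers reveal: platform comments and versions."""
    found = {"platform": [], "versioned": [], "bare": []}
    headers = parse_headers(raw)
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            for comment, product, version in BANNER_PART.findall(value):
                if comment:
                    found["platform"].append(comment)
                elif version:
                    found["versioned"].append(f"{product}/{version}")
                elif product:
                    found["bare"].append(product)
    return found


if __name__ == "__main__":
    for kind, items in banner_disclosures(SAMPLE_RESPONSE).items():
        print(f"{kind}: {', '.join(items) or '-'}")
```

An empty result covers only the banner; as the reply says, the OS can still be identified from how the system sends and receives traffic.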
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010711161405.C90157>