Date: Sat, 28 Nov 1998 19:39:00 +1000 (EST) From: Andrew Kenneth Milton <akm@zeus.theinternet.com.au> To: fygrave@tigerteam.net (CyberPsychotic) Cc: freebsd-security@FreeBSD.ORG Subject: Re: Detecting remote host type and so on.. Message-ID: <199811280939.TAA22579@zeus.theinternet.com.au> In-Reply-To: <Pine.LNX.4.05.9811281331240.4308-100000@gizmo.kyrnet.kg> from CyberPsychotic at "Nov 28, 98 01:59:23 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
+----[ CyberPsychotic ]---------------------------------------------
| So the place where it picks the type of WebServer is obvious: Server tag.
| But I wonder how would that figure out what platform I am running.. What
| comes in mind is that Etag here is something which purpose I don't
| understand. If that is a platform specific thing, maybe they just did
| checks on different plattforms and made pre-recordings?
>From the webpage....
Netcraft diagnoses the operating system of the queried host by looking in detail at the network characteristics of the response it receives from the web site.
The reported operating system may be different to the one you expected because:
The site is using a reverse web proxy, such as Novell's BorderManager FastCache. In this situation we will be connecting to the reverse web proxy rather than the originating web server.
The site is using a load balancing, high availability, HTTP switch like BIG/ip. Some of these switches handle the TCP connection themselves, so we detect the switch's O/S rather than the
web server's.
The site is using a TCP connection-level firewall, such as provided in the TIS Gauntlet, BorderWare, IBM's eNetwork firewalls and other HTTP level relays. In these cases we also will
receive data from the intermediate machine rather than the web server.
The site has changed the default configuration of their TCP/IP stack, perhaps for performance reasons, or have an unusual LAN environment.
The site uses multiple servers using different operating systems on a round robin basis.
We made a mistake. If you see an O/S & web server combination reported that you know to be wrong, please tell us.
--
Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew
The Internet (Aust) Pty Ltd | F:+61 7 3870 4477 | Milton
ACN: 082 081 472 | M:+61 416 022 411 |72 Col .Sig
PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|Specialist
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811280939.TAA22579>