From: appleseed@hushmail.com
Message-Id: <200107061929.MAA30700@user7.hushmail.com>
Date: Fri, 6 Jul 2001 12:06:35 -0500 (PDT)
Cc: Khalil.Haddad@ubs.com
To: freebsd-security@FreeBSD.ORG
Subject: Re: Hiding Versions
Sender: owner-freebsd-security@FreeBSD.ORG

Sup =)

You recently wrote this:

>After visiting this web site : www.netcraft.com, I discovered that it
>is possible to trace version changes of OS, apache or php.
>
*snip*
>I wanted to know how this was possible, if FreeBSD stores version
>history somewhere. What should I do to secure this and how, because
>knowing that anyone can get the history of version changes on your
>system doesn't make you feel secure...
>
>By the way, the output for my server gives me Apache/1.3.19 but I have
>upgraded to 1.3.20 recently, why hasn't this been taken in
>consideration? (I used ports to upgrade)
>
>Thank you for your help.
>
>Khalil

Well, netcraft uses a query to the webserver then reads the header of the response looking for the 'Server' string.
Defined in rfc1945 the 'Server' header variable/value pair describes the webserver software running on the target host. I've only audited certain segments of the apache server (and don't run apache myself) so I am not sure if they allow you to redefine the Server string sent with request responses. However, if they are fully rfc1945 compliant they will allow you to redefine the 'Server' string. =)

As far as the operating system goes, netcraft performs tcp/ip fingerprinting on the target host to determine OS information. If you want to block this information, snag yourself a good firewall (pitch IPF here cuz it rockz!) and load up a good ruleset. I won't tell you how I define my ruleset, but, you are better off determining what is best for you. I will say that certain tricks will disturb nmap and friends' logic while constructing a remote operating system fingerprint.

Good luck =)

northern_
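The header check described in the message above, as an added example that is not part of the original post: it parses the 'Server' field from a raw HTTP response using the RFC 1945 product/comment grammar and lists what each token discloses, so you can audit your own server's banner. The function names and the sample responses are constructed for illustration (only Apache/1.3.19 comes from the thread).

```python
import re

# RFC 1945, section 10.14: Server = "Server" ":" 1*( product | comment )
# product = token ["/" product-version]; comments are parenthesised text.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
PRODUCT = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")
COMMENT = re.compile(r"\(([^()]*)\)")

def server_header(raw: bytes):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def disclosed(value: str):
    """Split a Server value into (product, version) pairs and comments."""
    comments = COMMENT.findall(value)
    rest = COMMENT.sub(" ", value)               # drop comments before tokenising
    products = [(m.group(1), m.group(2)) for m in PRODUCT.finditer(rest)]
    return products, comments

def audit(raw: bytes):
    """List the details a banner reveals beyond the bare product name."""
    value = server_header(raw)
    if value is None:
        return []
    products, comments = disclosed(value)
    findings = [f"{name} version {ver}" for name, ver in products if ver]
    findings += [f"platform comment ({c})" for c in comments]
    return findings

# Constructed sample responses (not captured from any real host).
FULL = (b"HTTP/1.0 200 OK\r\n"
        b"Date: Fri, 06 Jul 2001 19:30:00 GMT\r\n"
        b"Server: Apache/1.3.19 (Unix) PHP/4.0.5\r\n"
        b"Content-Type: text/html\r\n\r\n<html></html>")
MINIMAL = b"HTTP/1.0 200 OK\r\nServer: Apache\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("full", FULL), ("minimal", MINIMAL)):
        print(label, server_header(raw), audit(raw))
```

In Apache, the ServerTokens directive controls how much of this string the server sends.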