Isn't there a tool you can use to finger a web server to determine what kind of server OS is running? Or does it not need to be behind a firewall? (i.e., it needs more than just the webserver)?
Thanks!
Quote from: MyndFyre on August 29, 2011, 06:48:33 PM
Isn't there a tool you can use to finger a web server to determine what kind of server OS is running? Or does it not need to be behind a firewall? (i.e., it needs more than just the webserver)?
Thanks!
I think nmap is capable of that (http://nmap.org/book/osdetect.html).
It depends on the configuration. Often, you can just use netcat (or telnet) to connect on 80, and send 'HEAD / HTTP/1.0' (then hit enter twice) and look for the 'Server: ' header. But that doesn't always work.
Alternatively, try nmap -A as root.
I generally use nmap, but p0f (http://lcamtuf.coredump.cx/p0f.shtml) suits some scenarios better.
Thanks. A co-worker submitted a configuration change request the other day to remove the "X-Powered-By: ASP.NET" header from our web server. He cited "increased security" as a reason. I was fairly certain that it was a load of balls and thought we should let our security department handle security concerns. :)
Quote from: MyndFyre on August 31, 2011, 02:40:46 AM
Thanks. A co-worker submitted a configuration change request the other day to remove the "X-Powered-By: ASP.NET" header from our web server. He cited "increased security" as a reason. I was fairly certain that it was a load of balls and thought we should let our security department handle security concerns. :)
While I understand why you would see this as 'a load of balls', it can help against bad mass-attacks (someone polling a shit ton of servers looking for a specific combination of whatever). It won't do anything against someone attacking you directly, or doing a deep poll (using one of the above tools, etc). While the security risks are marginal, the effort to disable the headers is really small; I would do it. It's also like, 100bytes of bandwidth saved on every request. :D
Quote from: Blaze on August 31, 2011, 02:53:03 AM
Quote from: MyndFyre on August 31, 2011, 02:40:46 AM
Thanks. A co-worker submitted a configuration change request the other day to remove the "X-Powered-By: ASP.NET" header from our web server. He cited "increased security" as a reason. I was fairly certain that it was a load of balls and thought we should let our security department handle security concerns. :)
While I understand why you would see this as 'a load of balls', it can help against bad mass-attacks (someone polling a shit ton of servers looking for a specific combination of whatever). It won't do anything against someone attacking you directly, or doing a deep poll (using one of the above tools, etc). While the security risks are marginal, the effort to disable the headers is really small; I would do it. It's also like, 100bytes of bandwidth saved on every request. :D
Yet iago's request clearly showed "Server: Microsoft/IIS 7.0" or something like that.
X-Powered-By: ASP.NET presents very little useful information. It shows that the server is running one of four .NET versions on any of at least 3 different versions of Windows Server... Server: Microsoft/IIS 7.0 shows that we're running on Windows 2008.
That said, those hundred bytes could be the difference...
The original Battle.net servers advertised themselves as Sun Solaris on telnet (port 23, not 6112). However, Yoni and Skywing have always told me that these servers were really Windows-based.
Quote from: MyndFyre on August 31, 2011, 03:21:53 AM
Yet iago's request clearly showed "Server: Microsoft/IIS 7.0" or something like that.
You can usually disable that, too.
I'm not against security by obscurity, necessarily, but as long as you aren't relying on it, it doesn't hurt.
ASP.net is pretty damn obvious if you look at the source, though, unless you use all your own constructs and not their built-in fields, ajax, viewstate, etc etc.
Quote from: iago on August 31, 2011, 10:02:25 AM
ASP.net is pretty damn obvious if you look at the source, though, unless you use all your own constructs and not their built-in fields, ajax, viewstate, etc etc.
That's not so true anymore with ASP.net MVC. It's gotten rid of all of that other junk like viewstate that gives it away.
Quote from: MyndFyre on August 31, 2011, 11:01:47 AM
Quote from: iago on August 31, 2011, 10:02:25 AM
ASP.net is pretty damn obvious if you look at the source, though, unless you use all your own constructs and not their built-in fields, ajax, viewstate, etc etc.
That's not so true anymore with ASP.net MVC. It's gotten rid of all of that other junk like viewstate that gives it away.
Ah, cool. I haven't been involved in Web stuff much lately.