This can be avoided by setting the "ServerSignature" directive to "Off" in the Apache configuration. Once turned off Apache will only send the line "Server: Apache". This should be done anyways as an attacker can always use version information gathered from reconnaissance to develop an attack plan. See the following link for more information on this directive: http://httpd.apache.org/docs/mod/core.html#serversignature Unfortunately I can't say for sure how to accomplish the same in other web servers but I have to imagine that there is a way... or at least there should be. Cheers, - Bennett > -----Original Message----- > Hi all, > > when i played arround with tripwire for webpages, i noticed > that it is very easy to detect if this tool is running on a remote > machine. just type : > > telnet <remote-host> 80 > HEAD / HTTP/1.0 > > The Output looks as follows : > > HTTP/1.1 200 OK > Date: Tue, 28 Aug 2001 15:41:33 GMT > Server: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6 Intrusion/1.0.3 > Last-Modified: Fri, 13 Jul 2001 11:32:48 GMT > ETag: "c7a3-6f-3b4edc60" > Accept-Ranges: bytes > Content-Length: 111 > Connection: close > Content-Type: text/html > > > The text 'Intrusion/1.0.3' in the 'Server:' line tells me that > Tripwire for > Webpages 1.0.3 is running. ...snip...
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 09:37:58 PDT