Re: CRIME Netcraft Ethics

From: Zot O'Connor (zot@private)
Date: Mon Jun 24 2002 - 22:59:57 PDT

  • Next message: Alan: "Re: CRIME Netcraft Ethics"

    This is the technique I have used with Apache binaries (you can
    recompile it).
    
    I *should* be possible to filter IIS with ISAPI filters.  I tested it a
    while back for other reasons.
    
    I *believe* apache 2.0.X allows you to even change the "Apache" keyword.
    
    Personally I chnaged the Binary to another 6 letter word.  The problem
    with the string, is that it usually is parsed.
    
    And the standard error page still posted the Apache version.
    
    
    BTW the Server Token posting by Alan removes most of the extraneous info
    like OS, PHP, Mysql, etc.
    
    On Sun, 2002-06-23 at 22:42, brvarin@private wrote:
    > From what I've been told, some Microsoft developers attempted to make it
    > much easier to modify this but the marketing geniuses said no because if
    > more clients did this, Microsofts market share would appear to be less.
    > I'm not sure what Apache's excuse is.
    > 
    > With IIS I believe all  you have to change the file
    > Winnt\System32\Inetsrv\W3SVC.DLL file.  The caveat there is that it
    > normally will say: Microsoft-IIS/5.0 but if you replace it, you have to
    > have the same number of characters.... It'd be kind of cool to put in
    > something like: Palm OS Webserver. Sure if you are really determined you
    > can figure it out but it would throw scripts and scanners off.
    > 
    > 
    > 
    > 
    -- 
    Zot O'Connor
    
    http://www.ZotConsulting.com
    http://www.WhiteKnightHackers.com
    



    This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 23:28:00 PDT