Could be Apache...you can modify the http.h SERVERBASENAME, SERVERVERSION (don't quote me on the exactness of these variables...it's been a while) and you have a new name when you compile. Performing httpd -v will tell you what it is if you have access to the box. -----Original Message----- From: charrin2at_private [mailto:charrin2at_private] Sent: Tuesday, July 08, 2003 11:46 AM To: pen-testat_private Subject: Unusual Web Server All, I have found a web server that I cannot identify. It is listening on port 5050. When I telnet to it I get: telnet host.foobar.com 5050 Trying 10.10.10.10... Connected to host.foobar.com. Escape character is '^]'. HTTP/1.1 400 Bad Request Date: Tue, 8 July 2003 14:59:05 Server: Web/R5_2_2 400 Bad Request Connection closed by foreign host. If I try to browse to it I am prompted for a username / password. After entering the wrong password I get the ususal 401 unauthorized. The default page is layout.html Any help would be appreciated. --Chris ------------------------------------------------------------------------ --- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 08 2003 - 14:36:17 PDT