RE: Preventing OS Detection

[Joey Peloquin <jpelo1 () jcpenney com>]

If you decide to change your banners, just be conscious of the fact that
this is a layer of obscurity, not security.  Someone with skills will find
out what you're running anyway.

There are free tools to do this [1], as well as commercial tools [2].  

If you search the registry for Server: Microsoft-IIS/5.0, you won't find it.
So if it *is* in the registry, it's not in English.

The only way I know of to change IIS banners is to modify the corresponding
DLL with a hex editor [3].  For example, \winnt\system32\inetsrv\w3svc.dll
for the web service.

Finally, if any of this voids a warranty or service agreement; I didn't tell
you how to do it.

Good luck.

Joey Peloquin

[1] http://www.webattack.com/freeware/server/fwiis.html (I use several tools
from this site; I don't know of any reason not to trust them - Search:
Banner Edit Tool)
[2] http://www.seoconsultants.com/windows/servers/servermask.asp
[3] http://www.securiteam.com/securitynews/5RP0L1540K.html

> > -----Original Message-----
> > From: Paul Kurczaba [mailto:paul () myipis com] 
> > Sent: Friday, February 20, 2004 4:30 PM
> > To: security-basics () securityfocus com
> > Subject: Preventing OS Detection
> >
> >
> > If I go to http://uptime.netcraft.com and enter my website, 
> > Netcraft will display my web servers OS, determined from the 
> > TCP/IP packet. Is there a way in the windows registry to 
> > prevent Netcraft (or anyone else) from identifying my OS? On 
> > the page http://www.webhostgear.com/36,1.html in paragraph 
> > titled "Netcraft is Watching", it briefly describes that 
> > registry changes can be made. Can someone please give me some 
> > specific registry changes to prevent others from identifying 
> > my web servers OS?
> >
> > Thanks,
> > Paul Kurczaba
> >
> >
> >
> > --------------------------------------------------------------
> > -------------
> > Free trial: Astaro Security Linux -- firewall with Spam/Virus 
> > Protection
> >
> > Protect your network with the comprehensive security solution 
> > that integrates six applications for ease of use and lower TCO.
> >
> > Firewall - Virus protection - Spam protection - URL blocking - VPN
> > - Wireless security.
> >
> > Download 30-day evaluation at: 
> > http://www.securityfocus.com/sponsor/Astaro_security-basics_04
0219
----------------------------------------------------------------------------

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
----------------------------------------------------------------------------