Security Basics mailing list archives

RE: Preventing OS Detection

From: "Tiago Halm" <thalm () netcabo pt>
Date: Fri, 27 Feb 2004 22:58:54 -0000

Paul,

To simply change the IIS Banner you can use IISBanner ("IIS Banner Changer")
which is a open-source ISAPI that does exactly that.
http://www.kodeit.org/products/iisbanner/default.htm

If you need any kind of security over IIS, you can use IISShield
("Application Layer Firewall") which extends the filtering capabilities of
MS URLScan.
http://www.kodeit.org/products/iisshield/default.htm

As for OS detection, you can always try to "play" with the registry settings
at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

A useful KB 120642 - TCP/IP and NBT Configuration Parameters for Windows
2000 or Windows NT - may help you viewing what each of the entries mean.
http://support.microsoft.com/support/kb/articles/Q120/6/42.asp

Hope it helps,
Tiago Halm
http://www.kodeit.org


-----Original Message-----
From: Paul Kurczaba [mailto:paul () myipis com] 
Sent: Friday, February 20, 2004 17:30
To: security-basics () securityfocus com
Subject: Preventing OS Detection


If I go to http://uptime.netcraft.com and enter my website, Netcraft will
display my web servers OS, determined from the TCP/IP packet. Is there a way
in the windows registry to prevent Netcraft (or anyone else) from
identifying my OS? On the page http://www.webhostgear.com/36,1.html in
paragraph titled "Netcraft is Watching", it briefly describes that registry
changes can be made. Can someone please give me some specific registry
changes to prevent others from identifying my web servers OS?

Thanks,
Paul Kurczaba





---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Preventing OS Detection Paul Kurczaba (Feb 20)
- RE: Preventing OS Detection dave kleiman (Feb 24)
  - RE: Preventing OS Detection Tiago Halm (Feb 27)
- Re: Preventing OS Detection Vincent (Feb 24)
  - RE: Preventing OS Detection Jim Laverty (Feb 25)
- RE: Preventing OS Detection Joey Peloquin (Feb 24)
  - RE: Preventing OS Detection Aditya, ALD [Aditya Lalit Deshmukh] (Feb 27)
    - RE: Preventing OS Detection Joey Peloquin (Feb 27)
- <Possible follow-ups>
- RE: Preventing OS Detection Hagen, Eric (Feb 24)
- RE: Preventing OS Detection Hagen, Eric (Feb 24)
  - Re: Preventing OS Detection Naren (Feb 25)
- FW: Preventing OS Detection check (Feb 25)
  - MS IIS Urlscan - Preventing OS Detection Tom Milliner (Feb 25)