Re: NT/IIS decoy

[Chuck Fitzpatrick <cfitz () stic net>]

Here's a URL for some programs that allow you to edit the banner info for
web, ftp, and smtp in IIS and Apache. Maybe that's what you're looking for.

http://www.nstalker.com/banners.php

-Chuck

At 06:52 AM 12/7/2001 -0500, Lambott () aol com wrote:
> Hello
>
> Does anyone know how to hide or mask the identity of a IIS 4.0 or 5.0 server 
> such that if a "GET" command is issued following a telnet to the server on 
> port 80, the server will display a different server type so as to hide it's 
> true identity.
>
> I searched the IIS installation drive using the following strings - 
> Microsoft-IIS/4.0 and Microsoft-IIS/5.0
> The result was a file called w3svc.dll which is aparently the IIS world wide 
> web publishing service, I manually stopped this service, backed up the file 
> and then ammended it to reflect my decoy server type, however, next time I 
> attempt to start the service it failed.
> I have heard of honey pot type program that can also achieve my desired 
> result, but never actually played with one myself.
>
> Has anyone come across this and does anyone know of any solution for what I 
> am trying to achieve.
>
> Thanks
>
> Taiye Lambo, CISSP
> Principal Security Consultant
> CyberCops Europe (UK)
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/