Full Disclosure mailing list archives
Re: [ANNOUNCE]: IISBanner 1.1 released
From: Javier Liendo <javier () liendo net>
Date: Fri, 4 Jul 2003 07:51:05 -0700 (PDT)
hello

what are the pros/cons of using IISBanner versus the AlternateServerName or RemoveServerHeader directive of the URLScan tool?

regards

javier

--- Tiago Halm <thalm () netcabo pt> wrote:
Hi all,

IISBanner was totally re-coded and is now configurable and fully performant. See details below...

==============
IISBanner
==============
Author: Tiago Halm
Version: 1.1
Platforms: Windows (IIS)
License: BSD

- Introduction
- Description
- Configuration
- Notes
- Notes for version 1.0
- Download

Introduction
---------------
ISAPI Filters are the only "safe" way of managing (changing, altering, customizing) some of the core parts of IIS. Customizing the "Server" response header is one of those tasks. While altering the "Server" response header may be useful from a security perspective by disguising the web server banner (security by obscurity), keep in mind that there are much more powerful ways of detecting a server type using tools like nmap.

Description
--------------
IISBanner is an IIS ISAPI Filter that can be used to specify a replacement for IIS's built in "Server" header, or even to instruct IIS to not use the "Server" response header altogether. The configuration is made by an .ini file, namely "IISBanner.ini". This configuration file must reside in the same directory as IISBanner.dll.

Configuration
-----------------
The configuration file contains 2 options:

Name: RemoveBanner
Values: 0 or 1
Description:
- If 1, then the "Server" response header is removed, meaning that all IIS responses will not contain any "Server" header, and the ChangeBanner option is ignored;
- If 0, then the "Server" response header is not removed and the ChangeBanner option may be used;
- If commented, then its value defaults to 0;

Name: ChangeBanner
Values: Any string up to 255 characters
Description:
- If string is empty, then IIS's built in "Server" response header remains unchanged;
- If string is not empty, then the "Server" response header will be changed to that same value;
- If commented, then its value defaults to empty string;

Notes
--------
- Installation of this ISAPI Filter must be done at the WebServer level;
- The ISAPI runs at low priority;
- IIS's performance is NOT affected by this ISAPI Filter. Any stress test will reveal that the number of HTTP requests remains unaffected with or without IISBanner;
- DLL size is now 20Kb (compiled without default libraries);
- IISBanner is installed at http://www.kodeit.org and may be viewed by a network sniffer at each HTTP response received, or through this simple VBS script:
__________________________________________________________
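' Send a synchronous HEAD request and print the response headers,
' including the "Server" header if one is present.
Set oHTTP = WScript.CreateObject("Microsoft.XMLHTTP")
Call oHTTP.Open("HEAD", "http://www.kodeit.org", False)
Call oHTTP.Send()
WScript.Echo oHTTP.GetAllResponseHeaders()
Set oHTTP = Nothing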
__________________________________________________________
Notes for version 1.0
--------------------------
The first version of IISBanner was ONLY demonstrative and it suffered from performance issues. Although download of version 1.0 is still available, it's recommended to use version 1.1 for any real installation.

Download
------------
IISBanner can be viewed at http://www.kodeit.org/utils/iisbanner.htm

Version 1.1
Binary: http://www.kodeit.org/utils/iisbanner.1.1.zip
Source: http://www.kodeit.org/utils/iisbanner_src.1.1.zip

Version 1.0
Binary: http://www.kodeit.org/utils/iisbanner.1.0.zip
Source: http://www.kodeit.org/utils/iisbanner_src.1.0.zip

Comments, this time, are very welcome!

Regards,
Tiago Halm
http://www.kodeit.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
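
Added example (not part of the original thread and not IISBanner's code): a small Python check that works out which "Server" header the RemoveBanner/ChangeBanner rules quoted above should produce and compares it with a captured response. The "key=value" line format, the ";"/"#" comment characters, the sample built-in banner and all function names are assumptions; the inputs are constructed.

```python
# Added example, not IISBanner's own code: models the RemoveBanner/ChangeBanner
# rules from the announcement and checks a captured response against them.
# Assumptions: "key=value" lines, ";" or "#" comments, [section] lines ignored.
BUILTIN = "Microsoft-IIS/5.0"  # sample built-in banner (assumed)
MAX_BANNER = 255               # "Any string up to 255 characters"


def parse_ini(text):
    """Return the uncommented key=value options, keys lower-cased."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip()
    return opts


def expected_server(ini_text, builtin=BUILTIN):
    """Expected Server header value, or None when the header is removed."""
    opts = parse_ini(ini_text)
    remove = opts.get("removebanner", "0")    # commented out -> defaults to 0
    if remove not in ("0", "1"):
        raise ValueError("RemoveBanner must be 0 or 1")
    if remove == "1":
        return None                           # ChangeBanner is ignored
    banner = opts.get("changebanner", "")     # commented out -> empty string
    if len(banner) > MAX_BANNER:
        raise ValueError("ChangeBanner exceeds 255 characters")
    return banner or builtin                  # empty -> built-in banner stays


def observed_server(raw_headers):
    """Server header value from a raw header block, or None if absent."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def matches_config(ini_text, raw_headers):
    """True when the captured response agrees with the configuration."""
    return expected_server(ini_text) == observed_server(raw_headers)


# Constructed sample input
SAMPLE_INI = "; IISBanner.ini\nRemoveBanner=0\nChangeBanner=WebServer\n"
SAMPLE_RESPONSE = "HTTP/1.1 200 OK\r\nServer: WebServer\r\nContent-Length: 0\r\n\r\n"
```

The header block printed by the VBS script above can be passed to `observed_server` unchanged.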
Current thread:
- [ANNOUNCE]: IISBanner 1.1 released Tiago Halm (Jul 03)
- Re: [ANNOUNCE]: IISBanner 1.1 released Javier Liendo (Jul 04)
- RE: [ANNOUNCE]: IISBanner 1.1 released Tiago Halm (Jul 04)
- Re: [ANNOUNCE]: IISBanner 1.1 released Javier Liendo (Jul 04)