Re: About web server version

[ystar m <ystar.m () laposte net>]

In-Reply-To: <001501c30c3e$a5f21fc0$1500020a@bigdog>

> You will need to modify the source code. Unfortunately
that won't really
> fool anyone. Error messages, header formats/etc all
provide plenty of
> information. Check out Rain.Forest.Puppy's
presentation on this and his
> whisker tool available at wiretrip.net.
>
>
> In any event it doesn't matter, most "generic" web
attacks I have seen are
> not targeted, they simply take a shotgun approach, or
if it's a worm it just
> blasts out at everyone. Much better to spend the time
and effort keeping
> Apache up to date.
>
>
> Kurt Seifried, kurt () seifried org
> A15B BEE5 B391 B9AD B0EF
> AEB0 AD63 0B4E AD56 E574
> http://seifried.org/security/


What you said is true but the problem that we use an
rpm version for apache.
Eliminating this information (apache version) for
avoiding target attacks that can be done on a
vulnerable version when the administrator has not
discover this vulnerability, so this eliminates some
cases or kinds of skilled attackers
Thanks for informations that you have provided