NYCPHP Meetup

NYPHP.org

[nycphp-talk] Basic security question

inforequest sm11szw02 at sneakemail.com
Sat Jul 17 11:37:03 EDT 2004


Paul Reinheimer preinheimer-at-gmail.com |nyphp 04/2004| wrote:

>for every peice of information they want. Set the apache server string
>to claim it is some recent release of IIS, tell all the services not
>  
>

I can't think of anything I would want *less* than probes thinking my 
box is IIS. My log would be full of 256+ length "XXXX" strings, .exec 
hack attempts, worm hole seekers, etc. And if a cracker actually was 
fooled enough to think my box WAS some form of hardened IIS, then the 
script kiddies would surely try everything against it, fully confident 
that something would work.

I think having identify itself as SecureBSD or perhaps 
name_a_planet(@random)  would be less of a liability.
 




More information about the talk mailing list