Bugtraq mailing list archives
Re: easy remote detection of a running tripwire for webpages system
From: Gabriel Lawrence <gabe () landq org>
Date: Tue, 28 Aug 2001 20:28:49 -0700
This capability is controlled by the ServerTokens directive in apache. You can turn off the overly informative server line using this directive:
ServerTokens ProdAs a side note, if you don't do this the server line will contain other useful tidbits like what version of PHP, mod_jk and mod_jrun your Apache server is running (if you are running these things of course.) All of this information is something a crafty program could use to find a vulnerable server assuming a specific version of one of these things has a vulnerability of interest.
-gabe johncybpk () gmx net wrote:
Hi all, when i played arround with tripwire for webpages, i noticed that it is very easy to detect if this tool is running on a remote machine. just type : telnet <remote-host> 80 HEAD / HTTP/1.0 The Output looks as follows : HTTP/1.1 200 OK Date: Tue, 28 Aug 2001 15:41:33 GMTServer: Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6 Intrusion/1.0.3 Last-Modified: Fri, 13 Jul 2001 11:32:48 GMTETag: "c7a3-6f-3b4edc60" Accept-Ranges: bytes Content-Length: 111 Connection: close Content-Type: text/html The text 'Intrusion/1.0.3' in the 'Server:' line tells me that Tripwire for Webpages 1.0.3 is running. This output is caused by the module : libmod_tripwire.so The gathered information could be used by an attacker to be more careful when trying to deface the content of the site running TWP. Because then the attacker tries first to disable the TWP mechanism coz of no alerting to the admin and second the defacement appears on the screen of the surfers who visit the site. cheers johnny.cyberpunk () illegalaccess org
-- There is a fine line between coincidence and destiny.
Current thread:
- easy remote detection of a running tripwire for webpages system johncybpk (Aug 28)
- Re: easy remote detection of a running tripwire for webpages system Gabriel Lawrence (Aug 29)
- RE: easy remote detection of a running tripwire for webpages system Bennett Samowich (Aug 29)