I
believe Microsoft's URLScan utility also has a feature to change the returned
string on top of providing other security features. Rather than edit
W3SVC.dll, the May 2001 issue of Windows Developer has an article on writing a
basic ISAPI dll to do roughly the same thing.
Sebastian
-----Original Message-----
From: Jeff L. Johnson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 10, 2002 4:07 PM
To: Taed Wynnell; BOUR Daniel; Nessus Mailing List (E-mail)
Subject: RE: Null SessionTry this:-----Original Message-----
From: Taed Wynnell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 10, 2002 7:45 AM
To: 'BOUR Daniel'; Nessus Mailing List (E-mail)
Subject: RE: Null SessionOn IIS Version: We're running Windows NT, and the only solution we could find was to edit (ack!) W3SVC.DLL, which contains the string hard-coded.On Null Session: Again, on Windows NT, you can do the RestrictAnonymous (search MS Knowledge Base), which helps a little, but doesn't get rid of any Nessus errors. Since we need that port for domain administration and whatnot, we can't filter it.-----Original Message-----
From: BOUR Daniel [mailto:[EMAIL PROTECTED]]
Sent: Wednesday 10 April 2002 2:58 AM
To: [EMAIL PROTECTED]
Subject: Null SessionHey,
I know its a nessus mailing list.
When I scan a IIS web server with nessus, it always give me the type of my IIS server.
Can someone give me a solution to return another name that Microsoft-IIS/X ?Thanks
Daniel BOUR.
