using a binary editor on w3svc.dll only works prior to win2k. Win2k enables Windows file protection (WFP) which will automatically revert back to the original w3svc.dll. You have to turn off WFP in order to get that to work...All of that won't don't you any good if you don't change your default error pages, etc.
URLscan (now MSLOCKDOWN...or something like that) will allow you to change your server response...however, I seem to remember a bug wherein you could "trick" it into not returning the bogus string (a nifty test for nessus if I could remember how it went :-) ). John Lampe https://f00dikator.hn.org/ "Knowledge will forever govern ignorance, and a people who mean to be their own governors, must arm themselves with the power knowledge gives. A popular government without popular information or the means of acquiring it, is but a prologue to a farce or a tragedy or perhaps both." --James Madison ----- Original Message ----- From: "Sebastian Ganson" <[EMAIL PROTECTED]> To: "Nessus Mailing List (E-mail)" <[EMAIL PROTECTED]> Sent: Wednesday, April 10, 2002 9:14 PM Subject: RE: Null Session > I believe Microsoft's URLScan utility also has a feature to change the > returned string on top of providing other security features. Rather than > edit W3SVC.dll, the May 2001 issue of Windows Developer has an article on > writing a basic ISAPI dll to do roughly the same thing. > > Sebastian > > -----Original Message----- > From: Jeff L. Johnson [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 10, 2002 4:07 PM > To: Taed Wynnell; BOUR Daniel; Nessus Mailing List (E-mail) > Subject: RE: Null Session > > > Try this: > http://www.nstalker.com/banners.php <http://www.nstalker.com/banners.php> > > -----Original Message----- > From: Taed Wynnell [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 10, 2002 7:45 AM > To: 'BOUR Daniel'; Nessus Mailing List (E-mail) > Subject: RE: Null Session > > > On IIS Version: We're running Windows NT, and the only solution we could > find was to edit (ack!) W3SVC.DLL, which contains the string hard-coded. > > On Null Session: Again, on Windows NT, you can do the RestrictAnonymous > (search MS Knowledge Base), which helps a little, but doesn't get rid of any > Nessus errors. Since we need that port for domain administration and > whatnot, we can't filter it. > > -----Original Message----- > From: BOUR Daniel [mailto:[EMAIL PROTECTED]] > Sent: Wednesday 10 April 2002 2:58 AM > To: [EMAIL PROTECTED] > Subject: Null Session > > > > Hey, > > I know its a nessus mailing list. > When I scan a IIS web server with nessus, it always give me the type of my > IIS server. > Can someone give me a solution to return another name that Microsoft-IIS/X ? > > > Thanks > Daniel BOUR. > >
