Although it might be possible to do that (using Wine, maybe) I don't
think it's the case. I am not sure how does Netcraft perform its
analisys, but it is possible to change characteristics of a machine in
such a way that a Linux box will look like a Cisco Router for programs
that performs Ofir Arkin's fingerprinting techniques. I have never
done it on a Windows box, but it is possible.
On the other hand, an Apache Webserver can be changed to look like an
IIS or whatever you want with minimal changes in its
configuration/source code. This might be also the case.
Another possibility is that a real Linux box is portmaping TCP 80 to
an internal IIS server.
Security techniques that obfuscates the version and/or name of the
system you're running aren't very useful. You spent a lot of time
changing TCP stack properties, banners, source code etc, but it would
not prevent a scriptie kiddie from running a vulnerability scanner
agains you. Scriptie kiddies usually don't focus a vulnerability
scanning. It is very common to see typical IIS attacks on Apache
servers logs, for instance. Professional hackers might loose some time
figuring out your systems but they are very good on that and they will
do so, doesn't matter wether you've rewriten all the variables in
Apache's httpd.c or not.
Of course you should never leave your webserver banner telling the
hacker what webserver version you're running, But you should loose too
much time on this. It's better spending more time hardening your
system and deploying IDSs
Best regards,
Alberto Cozer
Security Oustourcing Director, Future Technologies Digital Security
IBM Certified AIX System Specialist
Checkpoint Certified Security Expert, CCSE NG
[EMAIL PROTECTED]
http://www.fti.com.br
Rohit
<[EMAIL PROTECTED] To: [EMAIL PROTECTED]
om> cc:
Subject: Netcraft shows
ministryofsound is running IIS 5.0 on LINUX ???
16/06/2003 13:27
http://uptime.netcraft.com/up/graph/?host=www.ministryofsound.com
Is this anyway possible??
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access
in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
