Forum Discussion
zafer
Nimbostratus
Apr 18, 2008
hide os information
Hello,
When I check some websites at http://news.netcraft.com/ I can see OS information. How can I hide this information? I think it's a TCP fingerprint issue.
You can test www.msnbc.com
regards
Zafer
4 Replies
- The_Bhattman
Nimbostratus
Hi Zafer,
From what I see on the logs in my IDS/IPS system, hackers randomly fire any exploit, even when the servers have advertised what the OS is. I see tons of PHP exploits going to IIS servers and exploits against devices that don't have an open OS.
That's not to say you can't make it difficult for the one guy who is out to exploit your site for the day.
In that case you can hide information from the most common areas:

    when HTTP_RESPONSE {
        # Loop through and remove all instances of the unwanted headers from
        # the server response (Server, Date, X-Powered-By in this example)
        foreach header {Server Date X-Powered-By} {
            # $header must not be wrapped in braces, or Tcl passes the literal
            # string "$header" instead of the header name
            while { [HTTP::header exists $header] } {
                log local0. "Removing- $header: [HTTP::header value $header]"
                HTTP::header remove $header
            }
        }
    }

I have never tested this out but it's worth taking a look into.
Also check out the HTTP::header wiki page. There is an HTTP::header sanitize command that might do a trick or two.
Thanks,
CB
- You can also look at the "HTTP::header sanitize" subcommand. This will remove all except the specified headers. There may be times that you don't know all the headers that contain ID information, but most likely you will know all the headers you want to allow through.
-Joe
- Colin_Walker_12
Historic F5 Account
Hoolio's answer really addresses the root of the problem. Until you know what it is they're using to formulate those assumptions, there's no surefire way to stop them from coming to that conclusion.
You can start blocking headers and such randomly in hopes of thwarting them, but without knowing for sure what they're looking at, it's a guessing game at best.
Colin
- zafer
Nimbostratus
Hi,
I know how I can sanitize Server header information, but I think you misunderstand me.
I want to hide BIG-IP OS information.
You can use Nessus, nmap and other tools and you can find that this box is a BIG-IP:
F5 Networks Big-IP TCP/IP Fingerprint
I'm looking for a solution to fix this problem.
regards
zafer
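The difference between the two header approaches raised in the replies above (removing named headers one by one, as in the iRule, versus keeping only an allow list, as "HTTP::header sanitize" is described), as an added example that is not part of the original thread and is not iRule code. The sample response, the allow list and the version-matching heuristic are all constructed assumptions.

```python
import re

# Constructed sample response (not captured from a real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Date: Fri, 18 Apr 2008 10:00:00 GMT\r\n"
    "X-Powered-By: PHP/5.2.5\r\n"
    "X-AspNet-Version: 2.0.50727\r\n"
    "Via: 1.1 cache01 (squid/2.6.STABLE18)\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Length: 1024\r\n"
    "Set-Cookie: session=abc123; path=/\r\n"
    "\r\n"
)

# Headers the iRule in the thread removes by name.
DENY = {"server", "date", "x-powered-by"}
# Assumed allow list: what this hypothetical application actually needs.
ALLOW = {"content-type", "content-length", "set-cookie"}

# Heuristic (assumption): product/version tokens or bare dotted versions.
VERSION_HINT = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+|\b\d+\.\d+\.\d+\b")

def parse_headers(raw):
    """Return [(name, value), ...] from a raw response, keeping duplicates."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs

def denylist_filter(headers, deny):
    """Drop only the headers we already know about."""
    return [(n, v) for n, v in headers if n.lower() not in deny]

def allowlist_filter(headers, allow):
    """Keep only the headers we explicitly want to pass through."""
    return [(n, v) for n, v in headers if n.lower() in allow]

def leaking(headers):
    """Names of headers whose value still carries a version-like token."""
    return [n for n, v in headers if VERSION_HINT.search(v)]

if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE_RESPONSE)
    print("unfiltered:", leaking(hdrs))
    print("denylist  :", leaking(denylist_filter(hdrs, DENY)))
    print("allowlist :", leaking(allowlist_filter(hdrs, ALLOW)))
```

Neither filter changes the TCP/IP stack fingerprint that zafer's last post asks about; both act only on HTTP response headers.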
