Forum Discussion

zafer's avatar
zafer
Icon for Nimbostratus rankNimbostratus
Apr 18, 2008

hide os information

Hello,     when i check the some website from http://news.netcraft.com/ i can see os information How can i hide this information i think its tcp fingerprint issue     You can test www.msn...
application delivery
dev
devops
iRules
The_Bhattman's avatar
The_Bhattman
Icon for Nimbostratus rankNimbostratus
Apr 18, 2008
Hi Zafer,

From what I see on the logs in my IDS/IPS system, hackers random fire any exploit, even when the servers have advertised what the OS is. I see tons of PHP exploits going to IIS servers and exploits against devices that don't have a open OS.

That's not say you can't make it difficult for the one guy who is out to exploit your site for the day.

In that case you can hide information from the most common areas


when HTTP_RESPONSE {
    loop through and remove all instances of the unwanted 
    headers from the server response
    (Server, Date, X-Powered-By in this example) 
   foreach header {Server Date X-Powered-By} {
      while { [HTTP::header exists {$header}] } {
         log local0. "Removing- $header: [HTTP::header value {$header}]"
         HTTP::header remove {$header}
      }
  }
}

I have never tested this out but it's worth taking look into.

Also check out HTTP::header wiki (Click here). There is a HTTP::header sanatize command that might do a trick or two

Thanks,

CB