Solved

Masking the way Windows 2003 web server looks to crackers.

Posted on 2004-03-23
4
222 Views
Last Modified: 2010-04-19
I want my 2003 IIS 6 web server to look like a Linux server or another server for that matter when people are scanning and probing the network. Is this possible?
0
Comment
Question by:bstearns
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
Ugrum earned 500 total points
ID: 10661715
THe people who are scanning will be able to determine the OS that host is running with 99.999% probability - they will just use OS fingerprinting, the method which analyzes network packets at a very low level to find OS-specific patterns. Of course, the fact that the web server runs Windows 2003 does not neccessary means that the website itself is running on IIS 6.0 (you can install Apache and others...), but it's the most likely scenario.
As to hide, you can use some form of reverse proxy to publish your website on a host that is not running Windows.
0
 

Author Comment

by:bstearns
ID: 10662193
Thank you for the help.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10665076
Ugrum is right

OS fingerprinting goes down to the very way in which certin IP packets are responded to - and while it is possible to change that what usually happens is you end up with a duff TCP stack :(

To be honest why would you want to hide it? IIS 6, when properly set up, behind a firewall and well patched is extremely secure and superior in terms of speed and functionality to best of the competitors.

If you want to protect against scans and probes (as you put it!) then install and properly configure a firewall, I recommend you look at www.kerio.com for some of the best personal and enterprise firewall software on the market today.

Cheers

JamesDS
0
 

Author Comment

by:bstearns
ID: 10670969
Thank you JamesDS for your insight as well.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question