Header image

Only The Bad Guys Should Care

Sometimes, server software needs to specify what version it is for compatibility reasons. But there are very few cases where legitimate software needs to know what operating system a server is running, much less what hardware it's running on. Script kiddies, however, really want to know this sort of thing - it makes finding an exploit much simpler.

This is harder to conceal than software versions, however. Many tools exist to probe machines with unusual network traffic and check how a system responds to it. This often provide a 'fingerprint' which tells the attacker what kind of system they are looking at. Hiding a webserver running on one platform behind a firewall running on a different one is sometimes effective at confusing such programs.

[Prev]   [Up]   [Next]