
Re: Microsoft-IIS/6.0 serves up Debian... WTF!



Jim Popovitch wrote:
> On Sun, Jun 8, 2008 at 7:02 AM, Nico Golde <debian-security+ml@ngolde.de> wrote:
>> Yep this is lighttpd and it's mod_status.
> 
> OK (if true), I still question the need for posing as IIS, and
> therefore I question the mirror operator's
> intent/reasons/capabilities/interests/.... as well as security
> capabilities. Are they playing around by posing as IIS? Is it meant
> to deflect interest in a Linux box being on their network?  What is
> the reason behind masquerading as something they aren't?
> 

Only the operator would be able to answer this. It seems like there are
reasons for doing this. One of them is to obscure the actual platform
from someone just randomly google "hacking" their server by searching
for a specific banner string.

There are many, many more reasons for masquerading as something they aren't.

> If they want to do this, fine.  But should they continue to be in
> rotation for ftp.us.debian.org?
> 

I think it's irrelevant. All that matters is that the packages are
available, valid, that they're properly signed and that users don't have
issues with the repository.

Regards,
Jacob Appelbaum

