Re: Microsoft-IIS/6.0 serves up Debian... WTF!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Jim Popovitch un jour écrivit:
>>
>> Yep this is lighttpd and it's mod_status.
>
> OK (if true), I still question the need for posing as IIS, and
> therefore I question the mirror operator's
> intent/reasons/capabilities/interests/.... as well as security
> capabilites. Are they playing around by posing as IIS. Is it meant
> to deflect interest in a Linux box being on their network? What is
> the reason behind masquerading as something they aren't?
My best guess is that It is security by obscurity. Personnaly, I
often configure mail servers to claim to be another mail server, running
on a different operating system and with some ad hoc version number that
seams reasonable.
The idea is that script kiddies, and many other attackers, will waste
time using attacks that have no chance of succeeding, giving you an
opportunity to detect and block an attack before It really start.
Except by buying you a bit of time, in practice It doesn't add much
real security against a determined attacker, but It is very useful
for honeypot.
>
> If they want to do this, fine. But should they continue to be in
> rotation for ftp.us.debian.org?
Personnaly, I would have chosen to impersonate another web server than
IIS, but except for that I see no problem with what they have done.
I don't see why you want them to be removed from ftp.us.debian.org,
except that you don't like to see them lying about the server application
and version they use, which is something done by a lot of people on
production systems that directly face the Internet.
Simon Valiquette
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Linux PPC)
iD8DBQFITE9qJPE+P+aMAJIRA5JpAKCtOVrvTPpcDw1/lxI7CV6oxoItDwCg9jvq
kRg3a23JXWO5piDR5sl43Kc=
=tHtZ
-----END PGP SIGNATURE-----
Reply to: