Apache 2.2.3 on OpenSuSE - Error 404

Soldato
Joined
9 Dec 2004
Posts
5,696
Location
Dorset
Hi,

I've just noticed that if I put in an incorrect URL into my browser for a webpage on my server (that doesnt exist) it shows an error 404. Understandable, yet on that page is then says what OS I'm running and the Version of Apache. I don't particularly want it to say that, any idea how I can remove any additional server info from error messages?

Thanks :)
 
To be honest you can work it out from http headers/nmap fingerprinting pretty easily, lots of different things give away what OS your running (I.e your TCP/IP Stack).
 
Ah yes, just captured a couple of packets and there it is. I should have realised that tbh.

Thanks :)

This may sound like a silly question but is there any way to totally mask it? I'd imagine it would put off a lot of attackers. I'm guessing there isnt a way, especially if its sent through IP headers as I suppose its there for a required reason.
 
Sure there are stealth TCP/IP patches which make your machine show up to nmap fingerprinting as a dreamcast etc but most of your services as well are going to give away some information on what the OS/their version is. There is no foolproof way of hiding it though, an experienced person will just know what to look for.

This is pretty dated now but, http://insecure.org/nmap/misc/defeat-nmap-osdetect.html
 
Last edited:
FirebarUK said:
Thanks, I've never heard of dreamcasting before so I'll look into that for interest.

No its not a technique I was just using it as an example of being able to fool scanners into thinking your running a totally different OS from the one you are currectly running. Could be anything. :p
 
Back
Top Bottom