On 12/6/02 6:35 AM, "Dennis Lovelady" <dlovelady@dtcc.com> tapped the keys:

> There are various ports to which icmp can be issued, which will tell
> information about your OS... some of which you may not want shared.

[snip]

> Anyway, it's best to firewall your ICMP responses, limiting to only those
> that are required by your network (usually ports 0 and 8 if I recall
> correctly - please check this; don't blindly accept.).

To nitpick: that's protocol 0 and 8, not port 0 and 8. See http://www.ietf.org/rfc/rfc0792.txt. 8 is ICMP echo (ping) and 0 is echo reply (reply to a ping).

> Naturally, if ICMP ports that identify OS are disabled, then no tool
> (including netcraft's) can determine your OS.

There are many more ways to tell what a server is running. Go ahead, disable ICMP, I'll get it from the server itself:

    $ telnet www.ibm.com 80
    Trying 129.42.18.99...
    Connected to www.ibm.com.
    Escape character is '^]'.
    GET / HTTP/1.0

    HTTP/1.1 302 Found
    Date: Fri, 06 Dec 2002 15:44:20 GMT
    Server: IBM_HTTP_SERVER/1.3.19.1 Apache/1.3.20 (Unix)

That's all Netcraft has to do. Of course, you can tell Apache to hide this info, which the webmaster at basspro.com has probably done. Let's check:

    $ telnet www.basspro.com 80
    Trying 12.14.224.133...
    Connected to www.basspro-shops.com.
    Escape character is '^]'.
    GET / HTTP/1.0

    HTTP/1.1 302 Found
    Set-Cookie: ARPT=WNYOJLS192.168.65.102CKWKM; path=/
    Date: Fri, 06 Dec 2002 15:46:45 GMT
    Server: Apache

Well, they're using Apache, but have hidden the version. Odd cookie setting, too....

--
Ed Marczak
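An added example, not part of the original post: a small Python audit run offline over the two responses quoted above, listing what each one's headers disclose. The function names are made up for illustration, and the RFC 1918 check on the Set-Cookie value is this example's own reading of the cookie, not something the poster states.

```python
import re

# Response headers copied from the two telnet sessions quoted in the post.
IBM = ("HTTP/1.1 302 Found\r\n"
       "Date: Fri, 06 Dec 2002 15:44:20 GMT\r\n"
       "Server: IBM_HTTP_SERVER/1.3.19.1 Apache/1.3.20 (Unix)\r\n\r\n")
BASSPRO = ("HTTP/1.1 302 Found\r\n"
           "Set-Cookie: ARPT=WNYOJLS192.168.65.102CKWKM; path=/\r\n"
           "Date: Fri, 06 Dec 2002 15:46:45 GMT\r\n"
           "Server: Apache\r\n\r\n")

# A Server value is a run of product[/version] tokens and (comments).
TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/(\S+))?")
# Private (RFC 1918) IPv4 addresses, even when embedded in a longer string.
RFC1918 = re.compile(r"(?<![\d.])(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))"
                     r"\.\d{1,3}\.\d{1,3}(?!\d)")

def parse_headers(raw):
    """Return (name, value) pairs from a raw response, skipping the status line."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """List what the response headers disclose about the server."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "server":
            for comment, product, version in TOKEN.findall(value):
                if comment:
                    findings.append(("platform", comment))
                elif version:
                    findings.append(("version", f"{product}/{version}"))
                else:
                    findings.append(("product", product))
        elif name == "set-cookie":
            for ip in RFC1918.findall(value):
                findings.append(("internal-address", ip))
    return findings

if __name__ == "__main__":
    for label, raw in (("www.ibm.com", IBM), ("www.basspro.com", BASSPRO)):
        print(label, audit(raw))
```

On Apache, a bare `Server: Apache` banner like the second response is what the `ServerTokens Prod` directive produces.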
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].