[thelist] Hide IIS6 Banner

Scott Dexter dexilalolai at yahoo.com
Sat Oct 30 09:45:06 CDT 2004


> : With every page request, IIS6 sends back
> : "Server: Microsoft-IIS/6.0" in the header.
> : Does anybody know how to remove this
> 
> Questions:
> a) Why do you want to do this?

Because if I know what kind of server it is, I can plan my attack
strategy accordingly. It's called a passive attack. I investigate
what I'm dealing with, "Ooh! IIS6!" and go from there, "I can use xyz
attack to break in!" 

> b) The Server header is part of the HTTP specification, so are you
> looking 
> to replace the value of the header with something else?

Yup, that's the idea, replacing it with, "Web server." or something
as innocuous...

:)

(BOO!)




More information about the thelist mailing list