Security

[Inz Akure]

Why not spoof your machine so it appears to be a linux box or ?? You could
maybe run a linux based proxy, switch your ASP extensions to PHP through
IIS, create custom error pages to appear to be from a different OS etc.

Could this cause a hacker to run in circles?

 

[Aaron Bertrand [MVP]]

Security through obscurity is not security at all. IMHO.

While that might make an amateur hacker "run in circles" for a few minutes
at best, it causes more confusion in managing your configuration and
educating everyone about how it really works, than it ever will to an
accomplished person trying to compromise your system. A good firewall and
sound security practices will do far more for security than trying to pull
two strands of wool over my eyes.

 

[Inz Akure]

Over your eyes? Uh oh...

It was just a silly idea I thought I'd throw out there.

How would be able to discern my system is infact a Windows machine as
opposed to the proxy you'd be interfacing with?

Just curious

 

[Ray at]

The quick test, go to yourdomain.com/page.php and then go to
yourdomain.com/pAgE.php, and then go to yourdomain.com/PaGe.pHP, etc.

Ray at home

 

[Jeff Cochran]

Over your eyes? Uh oh...

It was just a silly idea I thought I'd throw out there.

How would be able to discern my system is infact a Windows machine as
opposed to the proxy you'd be interfacing with?

The real point is, why would I care what the box was? I can run
scripts against hundreds of boxes in the time it takes me to figure
out what you're running. And no matter what your system reports it's
running, if it has an IIS or ASP or SQL vulnerability, my script will
hit it. If not, my script will move on to the next box in line.

Jeff