[1507] in WWW Security List Archive
Re: Probe for unannounced web servers in a domain?
daemon@ATHENA.MIT.EDU (Kenneth E. Rowe)
Tue Feb 20 12:18:12 1996
From: "Kenneth E. Rowe" <kerowe@aslan.ncsa.uiuc.edu>
Date: Tue, 20 Feb 1996 08:00:09 -0600
In-Reply-To: Richard Huddleston <reh@wam.umd.edu>
"Re: Probe for unannounced web servers in a domain?" (Feb 19, 11:04pm)
Reply-To: "Kenneth E. Rowe" <kerowe@ncsa.uiuc.edu>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
On Feb 19, 3:46pm, Prentiss Riddle wrote:
> Subject: Probe for unannounced web servers in a domain?
> I am looking for tools and/or methods for discovering unannounced web
> servers in my domain, a typical heterogeneous unfirewalled university
> site.
>
> My motivation is partly security (to turn over as many rocks as I can
> and see what wriggles out) and partly to automatically publicize
> legitimate servers that students or departments may have set up on
> their own machines.
{stuff deleted}
>-- End of excerpt from Prentiss Riddle
Keep in mind that some folks may have intentionally not advertised their web
server, especially if they are running on non-standard port numbers (e.g. 80,
8080). I'd be careful about 'automatically' publicizing servers.
Ken.
--
----------------------------------------------------------
Kenneth E. Rowe kerowe@ncsa.uiuc.edu
Senior Security Engineer / (217) 244 5270 (office)
Security Coordinator (217) 244 0710 (IRST)
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
*** email irst@ncsa.uiuc.edu for computer incident response ***
----------------------------------------------------------
