[47962] in North American Network Operators' Group


Re[4]: "portscans" (was Re: Arbor Networks DoS defense product)

daemon@ATHENA.MIT.EDU (Allan Liska)
Sun May 19 11:15:10 2002

Date: Sun, 19 May 2002 11:14:26 -0400
From: Allan Liska <allan@allan.org>
Reply-To: Allan Liska <allan@allan.org>
Message-ID: <2987948394.20020519111426@allan.org>
To: "nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.21.0205191048060.23671-100000@cpu1693.adsl.bellglobal.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu


Hello Ralph,

Sunday, May 19, 2002, 10:50:23 AM, you wrote:

>> RD> I often like to know if a particular web server is running Unix or
>> RD> Winblows.  A port scanner is a useful tool in making that determination.
>> 
>> [allan@ns1 phpdig]$ telnet www.istop.com 80
>> Trying 216.187.106.194...
>> Connected to dci.doncaster.on.ca (216.187.106.194).
>> Escape character is '^]'.
>> HEAD / HTTP/1.0
>> 
>> HTTP/1.1 200 OK
>> Date: Sun, 19 May 2002 01:47:57 GMT
>> Server: Apache/1.3.22 (Unix) FrontPage/4.0.4.3 PHP/4.1.2 mod_fastcgi/2.2.8

RD> Sure, it works on some servers, but try it on yahoo.com, cnn.com, ...

As I think Eddy already mentioned, you can try Netcraft.  Of course in
the cases of Yahoo and CNN you have an Akamai factor...though CNN does
return some useful information:

telnet www.cnn.com 80
Trying 207.25.71.20...
Connected to www1.cnn.com (207.25.71.20).
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 200 OK
Server: Netscape-Enterprise/4.1
Date: Sun, 19 May 2002 14:58:55 GMT
Last-modified: Sun, 19 May 2002 14:58:55 GMT
Expires: Sun, 19 May 2002 14:59:55 GMT
Cache-control: private,max-age=60
Content-type: text/html
Connection: close

And, you can also try the direct approach: e-mail the webmaster and
ask :).  I guess the point I am trying to make is that there are ways
of finding out this information without having to resort to portscans.

The example of a bank is a very good one.  With all of the security
risks involved in managing a web server, and the associated
database, it seems very important to ask the bank for an explanation
of the steps they have taken to secure their website, and their
customer database.

If they don't give a satisfactory explanation, bank somewhere else (or offer your
services ;)).  Certainly that is a better approach than scanning to
see what you can find out.  The organization receiving the scan has
no way of knowing what your intentions are -- and should interpret
them as hostile.


allan
-- 
allan
allan@allan.org
http://www.allan.org
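
Added example, not part of the original message: a Python parser that takes the two responses quoted above and reports what each Server banner discloses (products, exact versions, platform comment), the check an operator would run on their own server's output. The function names are hypothetical; the sample responses are copied from the telnet sessions in the message.

```python
import re

# Sample input: the two responses quoted in the message above.
ISTOP_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Sun, 19 May 2002 01:47:57 GMT\r\n"
    "Server: Apache/1.3.22 (Unix) FrontPage/4.0.4.3 PHP/4.1.2 mod_fastcgi/2.2.8\r\n"
    "\r\n"
)
CNN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Netscape-Enterprise/4.1\r\n"
    "Date: Sun, 19 May 2002 14:58:55 GMT\r\n"
    "Cache-control: private,max-age=60\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# A Server value is a run of product[/version] tokens and (comments).
_TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")

def server_header(raw):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def disclosure(raw):
    """Split the banner into products (name -> version or None) and comments."""
    report = {"products": {}, "comments": []}
    value = server_header(raw)
    if value is None:                            # banner suppressed or absent
        return report
    for comment, product, version in _TOKEN.findall(value):
        if comment:
            report["comments"].append(comment)   # e.g. the "(Unix)" platform hint
        else:
            report["products"][product] = version or None
    return report

def versioned(raw):
    """Products whose exact version is disclosed in the banner."""
    return sorted(p for p, v in disclosure(raw)["products"].items() if v)

if __name__ == "__main__":
    for label, resp in (("istop", ISTOP_RESPONSE), ("cnn", CNN_RESPONSE)):
        print(label, disclosure(resp), versioned(resp))
```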

