Just wondering if anyone could give me a tip on how to prevent scanning software such as Nessus from seeing the real version of the servers I have running (ftp, www, sendmail).

NESSUS recommends: "We recommend that you configure your web server to return bogus versions, so that it makes the cracker job more difficult"

Any help is highly appreciated!

-- snip NESSUS output --

Information found on port ftp (21/tcp)
Remote FTP server banner : proftpd 1.2.2rc1 server (proftpd) [192.168.1.2]

Information found on port smtp (25/tcp)
Remote SMTP server banner : xxx.xxx.xxx ESMTP Sendmail 8.9.3/8.9.3

Information found on port www (80/tcp)
The remote web server type is : Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b

Information found on port pop3 (110/tcp)
The remote POP server banner is : +OK QPOP (version ?) at xxx.xxx.xxx starting. <[EMAIL PROTECTED]>

-- un-snip --

--
Kind regards,
Rob van Eijk
www.blaeu.com

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
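
The check below is an added example, not part of the original post: it parses the banners quoted in the Nessus output and lists the product/version pairs each one gives away, so the same test can be rerun after the banners have been changed. The `HARDENED` banners and all function names are constructed for illustration.

```python
import re

# Banners copied from the Nessus output in the post (hosts were already masked there).
REPORTED = {
    21: "proftpd 1.2.2rc1 server (proftpd) [192.168.1.2]",
    25: "xxx.xxx.xxx ESMTP Sendmail 8.9.3/8.9.3",
    80: "Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b",
    110: "+OK QPOP (version ?) at xxx.xxx.xxx starting.",
}

# Constructed sample: what the same services might answer once versions are hidden.
HARDENED = {
    21: "FTP server ready.",
    25: "xxx.xxx.xxx ESMTP",
    80: "Apache",
    110: "+OK POP3 server ready.",
}

# A product name, then "/" or a space, then a dotted version (optional suffix
# such as "rc1" or "b"). Bare IP addresses do not match: no product name precedes them.
VERSIONED = re.compile(r"\b([A-Za-z][\w-]*)[/ ](\d+(?:\.\d+)+[0-9A-Za-z]*)")


def disclosed_versions(banner):
    """Return the (product, version) pairs a single banner gives away."""
    return VERSIONED.findall(banner)


def audit(banners):
    """Map each port to the versions its banner leaks; clean ports are omitted."""
    findings = {}
    for port, banner in sorted(banners.items()):
        leaks = disclosed_versions(banner)
        if leaks:
            findings[port] = leaks
    return findings


if __name__ == "__main__":
    for port, leaks in audit(REPORTED).items():
        print(port, ", ".join(f"{name} {ver}" for name, ver in leaks))
    print("hardened set clean:", audit(HARDENED) == {})
```

The POP3 banner from the report passes the version check as it stands, because it names the product but gives `(version ?)` instead of a number.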
