> Just wondering if anyone could give me a tip on how to prevent scanning
> software as Nessus to get to see the real version of my servers I have
> running (ftp, www, sendmail).
>
> NESSUS recommends: "We recommend that you configure your web server to
> return bogus versions, so that it makes the cracker job more difficult"
>
> The remote web server type is :
> Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b

For Apache, use 'ServerTokens Min' (w/o quotes) at the bottom of the file 'srm.conf' to get only 'Apache/1.3.6'. If you upgrade to 1.3.12 or up, use 'ServerTokens Prod' to get only 'Apache'. Remember, you need to make this change for both the admin and the web server.

R.B.

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
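
A way to confirm the change took effect on both servers, as an added example that is not part of the original post: it parses a captured response's `Server` header and reports which `ServerTokens` level the banner corresponds to and what it still discloses. The function names and the sample response are constructed for illustration; the banner is the one quoted above.

```python
import re

# A product token is "name" or "name/version"; parenthesised text is a comment (the OS).
PRODUCT = re.compile(r"([A-Za-z0-9_.+-]+)(?:/(\S+))?")
COMMENT = re.compile(r"\(([^)]*)\)")

def server_header(raw_response):
    """Return the Server header value from a raw HTTP response, or None if absent."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None

def audit_banner(value):
    """Classify a Server banner by the ServerTokens level that would produce it."""
    os_info = COMMENT.findall(value)
    products = PRODUCT.findall(COMMENT.sub(" ", value))
    versions = {name: ver for name, ver in products if ver}
    modules = [name for name, _ in products[1:]]  # everything after the server itself
    if modules:
        level = "Full"    # server version, OS and module versions
    elif os_info:
        level = "OS"      # server version and OS
    elif versions:
        level = "Min"     # server version only
    else:
        level = "Prod"    # product name only
    return {"level": level, "versions": versions, "os": os_info, "modules": modules}

# Constructed sample response carrying the banner from the Nessus report above.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 01 Jan 1970 00:00:00 GMT\r\n"
    "Server: Apache/1.3.6 (Unix) mod_perl/1.21 mod_ssl/2.2.8 OpenSSL/0.9.2b\r\n"
    "Content-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    for banner in (server_header(SAMPLE), "Apache/1.3.6", "Apache"):
        result = audit_banner(banner)
        print(f"{banner!r}: ServerTokens {result['level']}, "
              f"versions disclosed: {result['versions'] or 'none'}")
```

Run it against the response from each listener (admin and public web server); any result other than the level you configured means that instance is still reading an unmodified configuration.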
