Scott is correct: HTTP can tell a server a lot about your web browser. This is a good opportunity to learn about web browser based security threats. For those interested, try turning off JavaScript and/or ActiveX in your browser and hitting the same URL again to compare.
Here's the output from using anonymizer.com for a comparison: COLLECTED INFORMATION Reported remote address 168.143.113.150 Browser Mozilla v 1.5 (Gecko engine build 20030925) OS Windows XP Client's address we got 168.143.113.150 Client's hostname Cannot be resolved Preferable mail server smtp.infonex.com Blocked: JavaScript John Hebert Scott Harney wrote: > Challison <[EMAIL PROTECTED]> writes: > > >>Yep.....behind a firewall and it told me much as well. I.E. must >>advertise system info or something. > > > all browsers do. All of this is part of standard HTTP. > > >>On an interesting note......went to the site with my RH severn beta >>machine and the site collected most of the same info for that box. >>My take on this is that you need to tighten your security regardless >>of the OS you are running. >>Did I hear someone say Bastille? Tripwire? etc? > > > Those things are not going to help. Your browser transmits this > information upon request. You could browse through a proxy or > anonymizer. A firewall doesn't help because, after all, you initiated > the connection. > > Your concern with this is the browser itself. some possible attack > vectors. 1)ActiveX 2)Java 3)Javascript (mostly denial of service > due to popups). buffer overflows introduced by the above three. > Cookies etc. > > Bastille and Tripwire are both good hard hardening tools (although > I think aide from http://aide.sf.net is probably an easier > to use replacement for TW). Bastille may help a little bit, but > probably no more than turning off java and the like. Building > web browsers and other items with buffer overflow protection is > another possibility (ProPolice). TW and AIDE will let you know > if you've been potentially exploited. > > It's actually a really GOOD idea to go to sites like this one > and particularly to run the port scans available. They will give > you a good idea of what your firewall looks like to intruders. > You should be unsurprised by what you see. If you are, you have more > work to do and more to learn :) >
