on 5/7/01 7:50 AM, James Hastings-Trew at [EMAIL PROTECTED] wrote:
> on 5/7/01 5:34 AM, Deocs Postmaster at [EMAIL PROTECTED] wrote:
>
>> From telnet this command returns the type of server,
>> installed modules, and other information. That info
>> is tabulated and tracked by www.netcraft.com (who also
>> infers the operating system) and can help an attacker
>> find a website's vulnerabilities.
>
> You want to run a secure server but you have telnet access to it. Seems like
> the server info is the least of your security problems.
>
Telnet to port 80 is a simple and common method to get server info,
specifically making a HEAD request. I don't believe his intent was to use
the telnet port to talk to apache.
--
Dave Goodrich
Director of Interface Development
Reality Based Learning Company
9521 NE Willows Road, Suite 100
Redmond, WA 98052
Toll Free 1-877-869-6603 ext. 237
Fax (425) 558-5655
[EMAIL PROTECTED]
http://www.rblc.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
