> -----Original Message-----
> From: James Hastings-Trew [mailto:[EMAIL PROTECTED]]
> Sent: 07 May 2001 15:50
> To: [EMAIL PROTECTED]
> Subject: Re: HEAD / HTTP/1.0
>
>
> on 5/7/01 5:34 AM, Deocs Postmaster at [EMAIL PROTECTED] wrote:
>
> > From telnet this command returns the type of server,
> > installed modules, and other information. That info
> > is tabulated and tracked by www.netcraft.com (who also
> > infers the operating system) and can help an attacker
> > find a website's vulnerabilities.
>
> You want to run a secure server but you have telnet access to
> it. Seems like
> the server info is the least of your security problems.
>
He means telnetting to port 80, ie doing exactly what a web browser does
(except a browser has a few more bells and whistles to it).
eg
telnet www.rnib.org.uk 80
HEAD / HTTP/1.0
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
