Re: [OT] RE: Microsoft-IIS/6.0 - US - Debian mirror?
Kumar Appaiah wrote:
> On Fri, Aug 1, 2008 at 3:19 AM, kj wrote:
>> Stackpole, Chris wrote:
>>> How on earth do Windows Admins sleep at night with these kind of
>>> constant attacks out there?
>> They disable the log. At least, that's what the Exchange admins at my
>> one job did...
> Out of curiosity, is it a case of over-confidence that the attacks
> can't cause harm, or is it a case of not worrying because ignorance is
> bliss? :-)

Probably the latter but the response I got when I enquired was it takes too much space ...

--kj

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Microsoft-IIS/6.0 - US - Debian mirror?
On Mon, 28 Jul 2008 18:10:20 -0700 Lubos Rendek [EMAIL PROTECTED] wrote:
> Hi Guys,
> I'm just wondering what is the reason that Debian US mirror is running
> on Microsoft-IIS/6.0? Or at least this is what my browser shows when I
> go to: http://http.us.debian.org/debian/dists/etch/
> --
> lubo
> http://www.linuxconfig.org/

It probably means someone is using mod_security to tweak the server signature to show something else. We do that at work by default on all of our servers just to keep the bad guys guessing.

That has come back to bite us in the ass occasionally. Try installing YaBB2 on an apache server showing IIS as the signature sometime.

[OT] RE: Microsoft-IIS/6.0 - US - Debian mirror?
-----Original Message-----
From: Forsaken [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 31, 2008 1:26 AM
To: debian-user@lists.debian.org
Subject: Re: Microsoft-IIS/6.0 - US - Debian mirror?

> On Mon, 28 Jul 2008 18:10:20 -0700 Lubos Rendek [EMAIL PROTECTED] wrote:
>> Hi Guys,
>> I'm just wondering what is the reason that Debian US mirror is running
>> on Microsoft-IIS/6.0? Or at least this is what my browser shows when I
>> go to: http://http.us.debian.org/debian/dists/etch/
>> --
>> lubo
>> http://www.linuxconfig.org/
> It probably means someone is using mod_security to tweak the server
> signature to show something else. We do that at work by default on all
> of our servers just to keep the bad guys guessing.
>
> That has come back to bite us in the ass occasionally. Try installing
> YaBB2 on an apache server showing IIS as the signature sometime.

I understand spoofing the signature to throw off the bad guys, but why would you spoof IIS on an Apache system?

This comes just from my limited knowledge on this subject, but I have a Debian Apache server and a 2k3 IIS server, both behind a Smoothwall firewall. I have my Smoothwall configured to drop all the packets that it identifies as attacks and to log the attempt. I have SO many more attacks by worms and so forth trying to get into the IIS system than I do on the Apache. A quick look shows that I have had at least one attack every hour for the past couple of days on the IIS but I spot none on the Apache (there may be some, but if so I have missed them in the log file).

Now I know these attacks for IIS won't work against Apache, but I don't understand why I would broadcast as IIS and put my Apache box into this line of fire (even if it is nothing more but the bandwidth of the failed attacks). Isn't there something else to spoof that wouldn't cause an increase of attacks?

Any comments would be grateful. I am always open to suggestions to improve my systems/security. If my question/understanding is too newbish, please be gentle. :-)

Thanks!

As a side note, I see these giant log files of dropped attacks and I can't help but wonder two things.
1) What's going to happen when one gets through to the Windows box? I mean, I have backups and plans in case but still...*dread*
2) How on earth do Windows Admins sleep at night with these kind of constant attacks out there?

Maybe I should, but I don't worry about any of my Linux systems as a whole as much as I do on this one Windows box... :-D

Re: [OT] RE: Microsoft-IIS/6.0 - US - Debian mirror?
Stackpole, Chris wrote:
> How on earth do Windows Admins sleep at night with these kind of
> constant attacks out there?

They disable the log. At least, that's what the Exchange admins at my one job did...

Re: [OT] RE: Microsoft-IIS/6.0 - US - Debian mirror?
On Fri, Aug 1, 2008 at 3:19 AM, kj wrote:
> Stackpole, Chris wrote:
>> How on earth do Windows Admins sleep at night with these kind of
>> constant attacks out there?
> They disable the log. At least, that's what the Exchange admins at my
> one job did...

Out of curiosity, is it a case of over-confidence that the attacks can't cause harm, or is it a case of not worrying because ignorance is bliss? :-)

Kumar
--
Kumar Appaiah

Re: Microsoft-IIS/6.0 - US - Debian mirror?
lubo wrote:
> yep, some sorts of load balancing is involved. here is the one with
> IIS on it: http://35.9.37.225/debian/dists/etch/

$ dig http.us.debian.org
snip
;; ANSWER SECTION:
http.us.debian.org.  3494  IN  A  128.30.2.36
http.us.debian.org.  3494  IN  A  64.50.236.52
http.us.debian.org.  3494  IN  A  64.50.238.52
http.us.debian.org.  3494  IN  A  35.9.37.225
snip

The first three run apache on linux and the last one runs IIS.

--
If you can't explain it simply, you don't understand it well enough.
  -- Albert Einstein

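Added example, not part of the thread or of any poster's code: a Python check that reads the `Server` banner from each address behind the round-robin name separately, which is how the mixed Apache/IIS answers above can be pinned to individual pool members. The A records are the ones quoted in the message above; the response heads are constructed sample data and the function names are this example's own. As the thread notes, a banner is only what the server chooses to report.

```python
import re
import socket
from collections import defaultdict

# A records as quoted in the thread; response heads below are constructed, not captured.
DIG_ANSWER = """\
http.us.debian.org. 3494 IN A 128.30.2.36
http.us.debian.org. 3494 IN A 64.50.236.52
http.us.debian.org. 3494 IN A 64.50.238.52
http.us.debian.org. 3494 IN A 35.9.37.225
"""
SAMPLE_HEADS = {ip: b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"
                for ip in ("128.30.2.36", "64.50.236.52", "64.50.238.52")}
SAMPLE_HEADS["35.9.37.225"] = b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n\r\n"

def parse_a_records(dig_text):
    """Return IPv4 addresses from dig ANSWER lines (tolerates a fused '3494IN')."""
    pat = re.compile(r"\S+\s+\d+\s*IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")
    return [m.group(1) for line in dig_text.splitlines() if (m := pat.match(line.strip()))]

def server_banner(head):
    """Extract the Server header value from a raw response head, or None."""
    for line in head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None

def fetch_head(ip, host, timeout=5.0):
    """HEAD one specific pool member while still sending the shared Host name."""
    req = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((ip, 80), timeout=timeout) as s:
        s.sendall(req.encode("ascii"))
        data = b""
        while b"\r\n\r\n" not in data and (chunk := s.recv(4096)):
            data += chunk
    return data

def banners_by_member(ips, heads):
    """Group pool members by banner; more than one key means a mixed pool."""
    groups = defaultdict(list)
    for ip in ips:
        groups[server_banner(heads[ip])].append(ip)
    return dict(groups)

if __name__ == "__main__":  # offline run; build heads with fetch_head(ip, host) for live data
    for banner, members in banners_by_member(parse_a_records(DIG_ANSWER), SAMPLE_HEADS).items():
        print(banner, "->", ", ".join(members))
```
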
Re: Microsoft-IIS/6.0 - US - Debian mirror?
Raj Kiran Grandhi writes:
> $ dig http.us.debian.org
> snip
> ;; ANSWER SECTION:
> http.us.debian.org.  3494  IN  A  128.30.2.36
> http.us.debian.org.  3494  IN  A  64.50.236.52
> http.us.debian.org.  3494  IN  A  64.50.238.52
> http.us.debian.org.  3494  IN  A  35.9.37.225
> snip
> The first three run apache on linux and the last one runs IIS.

IIRC Netcraft was showing the last one sometimes running IIS and other times Apache.
--
John Hasler

Re: Microsoft-IIS/6.0 - US - Debian mirror?
On Mon, 28 Jul 2008 18:10:20 -0700 Lubos Rendek [EMAIL PROTECTED] wrote:
> Hi Guys,
> I'm just wondering what is the reason that Debian US mirror is running
> on Microsoft-IIS/6.0? Or at least this is what my browser shows when I
> go to: http://http.us.debian.org/debian/dists/etch/

Where do you see that? It's using Apache.

--
Brian

Re: Microsoft-IIS/6.0 - US - Debian mirror?
On Mon, 28 Jul 2008 18:28:46 -0700 Brian Marshall [EMAIL PROTECTED] wrote:
> On Mon, 28 Jul 2008 18:10:20 -0700 Lubos Rendek [EMAIL PROTECTED] wrote:
>> I'm just wondering what is the reason that Debian US mirror is running
>> on Microsoft-IIS/6.0? Or at least this is what my browser shows when I
>> go to: http://http.us.debian.org/debian/dists/etch/
> Where do you see that? It's using Apache.
> --
> Brian

http://uptime.netcraft.com/up/graph?site=http.us.debian.org

--
Raquel

You can't separate peace from freedom, because no one can be at peace unless he has his freedom.
  --Malcolm X

Re: Microsoft-IIS/6.0 - US - Debian mirror?
Lubos Rendek wrote:
> Hi Guys,
> I'm just wondering what is the reason that Debian US mirror is running
> on Microsoft-IIS/6.0? Or at least this is what my browser shows when I
> go to: http://http.us.debian.org/debian/dists/etch/
> --
> lubo
> http://www.linuxconfig.org/

bandwidth is very expensive, I doubt anyone's going to be picky about the os someone's using when they are providing free bandwidth. besides, you can report whatever you want as an os, so who knows what they're using.

--
Steve Reilly
http://reillyblog.com

Re: Microsoft-IIS/6.0 - US - Debian mirror?
Brian Marshall wrote:
> On Mon, 28 Jul 2008 18:10:20 -0700 Lubos Rendek [EMAIL PROTECTED] wrote:
>> Hi Guys,
>> I'm just wondering what is the reason that Debian US mirror is running
>> on Microsoft-IIS/6.0? Or at least this is what my browser shows when I
>> go to: http://http.us.debian.org/debian/dists/etch/
> Where do you see that? It's using Apache.

I also saw that a couple weeks ago... Definitely was IIS 6.0.

--
Josh Miller - RHCE, VCP
Linux Solutions Provider
Seattle, WA USA
http://itsecureadmin.com/

Re: Microsoft-IIS/6.0 - US - Debian mirror?
It gets displayed on my firefox browser when I navigate to: http://http.us.debian.org/debian/dists/etch/

--
lubo
http://www.linuxconfig.org/

On Mon, Jul 28, 2008 at 6:28 PM, Brian Marshall [EMAIL PROTECTED] wrote:
> On Mon, 28 Jul 2008 18:10:20 -0700 Lubos Rendek [EMAIL PROTECTED] wrote:
>> Hi Guys,
>> I'm just wondering what is the reason that Debian US mirror is running
>> on Microsoft-IIS/6.0? Or at least this is what my browser shows when I
>> go to: http://http.us.debian.org/debian/dists/etch/
> Where do you see that? It's using Apache.
> --
> Brian

Re: Microsoft-IIS/6.0 - US - Debian mirror?
thanks Steve, good reason. I'm not picky this was just out of my curiosity because I could not get my head around it :-)

On Mon, Jul 28, 2008 at 7:27 PM, steve [EMAIL PROTECTED] wrote:
> Lubos Rendek wrote:
>> Hi Guys,
>> I'm just wondering what is the reason that Debian US mirror is running
>> on Microsoft-IIS/6.0? Or at least this is what my browser shows when I
>> go to: http://http.us.debian.org/debian/dists/etch/
>> --
>> lubo
>> http://www.linuxconfig.org/
> bandwidth is very expensive, I doubt anyone's going to be picky about
> the os someone's using when they are providing free bandwidth. besides,
> you can report whatever you want as an os, so who knows what they're
> using.
> --
> Steve Reilly
> http://reillyblog.com

--
lubo
http://www.linuxconfig.org/

Re: Microsoft-IIS/6.0 - US - Debian mirror?
On 07/28/08 21:07, Josh Miller wrote:
> Brian Marshall wrote:
>> On Mon, 28 Jul 2008 18:10:20 -0700 Lubos Rendek [EMAIL PROTECTED] wrote:
>>> Hi Guys,
>>> I'm just wondering what is the reason that Debian US mirror is running
>>> on Microsoft-IIS/6.0? Or at least this is what my browser shows when I
>>> go to: http://http.us.debian.org/debian/dists/etch/
>> Where do you see that? It's using Apache.
> I also saw that a couple weeks ago... Definitely was IIS 6.0.

Probably a round-robining DNS.

--
Ron Johnson, Jr.
Jefferson LA USA

Kittens give Morbo gas. In lighter news, the city of New New York is doomed.

Re: Microsoft-IIS/6.0 - US - Debian mirror?
Netcraft shows the same IP jumping back and forth between IIS and Apache. Seems unlikely.
--
John Hasler

Re: Microsoft-IIS/6.0 - US - Debian mirror?
yep, some sorts of load balancing is involved. here is the one with IIS on it: http://35.9.37.225/debian/dists/etch/

--
lubo
http://www.linuxconfig.org/

On Mon, Jul 28, 2008 at 7:42 PM, John Hasler [EMAIL PROTECTED] wrote:
> Netcraft shows the same IP jumping back and forth between IIS and
> Apache. Seems unlikely.
> --
> John Hasler