IIS Version and Internal IP being Revealed

"DoktorWho" <Doktor***@discussions.microsoft.com> wrote in message
news:DD36D2B3-9ECB-41A1-90EA-8644A6377093@microsoft.com...

During a recent security scan of our IIS 6 box, it was shown that the IIS
Version, 6 in this case, and the Internal IP address of the box were being
shown externally.

Why would this be and how can I fix this?

The box is natted behind a firewall.

"Funkadyleik Spynwhanker" wrote:

> "DoktorWho" <Doktor***@discussions.microsoft.com> wrote in message
> news:DD36D2B3-9ECB-41A1-90EA-8644A6377093@microsoft.com...
> > During a recent security scan of our IIS 6 box, it was shown that the IIS
> > Version, 6 in this case, and the Internal IP address of the box were being
> > shown externally.
> >
> > Why would this be and how can I fix this?
> >
> > The box is natted behind a firewall.

For IIS 5, you could control the version via URLscan. So maybe take a look
in whatever that interface was migrated to with version 6.

"DoktorWho" <Doktor***@discussions.microsoft.com> wrote in message
news:9780DC83-3923-4385-93A5-AD81B0AFEF36@microsoft.com...

Thanks I will try that.

> "Funkadyleik Spynwhanker" wrote:
> > For IIS 5, you could control the version via URLscan. So maybe take a look
> > in whatever that interface was migrated to with version 6.

"David Wang [Msft]" <some***@online.microsoft.com> wrote:

http://blogs.msdn.com/david.wang/archive/2006/03/29/Silly_Security_Scans.aspx

There is no way to control the Server: header. URLScan makes a reasonable
attempt but will not set/remove it in all cases. And we are fine with that
because this is not a security issue, per the rationale from the blog entry.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

> "DoktorWho" <Doktor***@discussions.microsoft.com> wrote in message
> news:9780DC83-3923-4385-93A5-AD81B0AFEF36@microsoft.com...
> > Thanks I will try that.

"David Wang [Msft]" <some***@online.microsoft.com> wrote in message
news:uaiRvs3UGHA.1160@TK2MSFTNGP09.phx.gbl...

http://blogs.msdn.com/david.wang/archive/2006/03/29/Silly_Security_Scans.aspx

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

> "DoktorWho" <Doktor***@discussions.microsoft.com> wrote in message
> news:DD36D2B3-9ECB-41A1-90EA-8644A6377093@microsoft.com...
> > During a recent security scan of our IIS 6 box, it was shown that the IIS
> > Version, 6 in this case, and the Internal IP address of the box were being
> > shown externally.
> >
> > Why would this be and how can I fix this?
> >
> > The box is natted behind a firewall.

"Funkadyleik Spynwhanker" wrote:

Hey, that's a great rant.
Going in my bookmarks.

> "David Wang [Msft]" <some***@online.microsoft.com> wrote in message
> news:uaiRvs3UGHA.1160@TK2MSFTNGP09.phx.gbl...
> > http://blogs.msdn.com/david.wang/archive/2006/03/29/Silly_Security_Scans.aspx
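
A defender-side check for the two findings the scan in this thread reported, added here as an example (it is not code from any poster or from Microsoft): it takes a captured HTTP response and lists a versioned Server: banner and any RFC 1918 address found in header values. The sample response and all function names are constructed for illustration; the thread does not say which header carried the address.

```python
import ipaddress
import re

# Private ranges from RFC 1918; an address in one of these should never
# appear in a response served to the outside of a NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample response (not captured from a real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Object Moved\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Location: http://10.1.2.3/app/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return [(name, value)] from the header block of a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def private_addresses(text):
    """Return every RFC 1918 IPv4 address that appears in text."""
    found = []
    for match in IPV4_RE.finditer(text):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:                   # e.g. 999.1.1.1
            continue
        if any(addr in net for net in RFC1918):
            found.append(str(addr))
    return found

def audit_response(raw):
    """List (finding, header, value) tuples for banner and address leaks."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() == "server" and re.search(r"/\d+(\.\d+)*", value):
            findings.append(("server-version", name, value))
        for ip in private_addresses(value):
            findings.append(("internal-ip", name, ip))
    return findings

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```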