httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <warp-...@usa.net>
Subject Re: [users@httpd] Apache web server reference
Date Fri, 30 Apr 2004 04:52:49 GMT
I don't know which companies use what, or the history of Hotmail, but I
don't place much stock in hearsay either.  I trust what I see when I
check for myself.  M$ MAY BE running MAC OS X on hotmail.com /
passport.com, which is FreeBSD, see below, nmap reports that it could
find at least 1 open port, but could not find 1 closed port -- due to
firewall -- and it needs at least that much to get an accurate reading.

So show others how to do it?  The only way I know how to check is by
looking at the server's Server: header.  But think, use some common
sense: Apache's Server header is configurable (if unadvised as it's
ahard-coded change which gains no security), so M$ is logically going to
change it to make it look like an M$ server, to further spread the FUD
(fear, uncertainty, and doubt) about non-M$ technologies, in particular
FreeBSDand Linux.  So the HTTP protocol is probably unreliable for
identifying a server.  Is there a tcp fingerprint method of identifying
a server?  You can probably less trivially, but possibly, modify the TCP
code of free software to resemble M$, but I don't know the specifics,
and my intuition thinks it might involve significant effort.  In any
case, I think nmap has some rudimentary OS detection based on TCP
fingerprints (with a web-form to update if you find an unknown server
which you knows is a specific OS!  Cool!), but I have no idea if it's
accurate (GIGO: garbage in, garbage out); but presumably the fingerprint
library is tested for accuracy before additions are made.

In any case, it's fairly trivial to spend an hour or two and whip up a
couple scripts to farm the data by all known methods (HTTP Server
header, nmap, others?  Let me know if there's other ways, better or
worse, of getting some data, for cross-referencing, and seeing which
companies are liars and cowards, pretending to use one OS and claiming
it's the best, when they actually usesomething free, which they try to
disrepute) and a database and a PHP frontend for the web to graph
results.  Your script shouldparse through a set of hostnames in a file
or something.  So just have your executive meeting, and ask for domain
names, and type them in, and click a button,and within a few seconds,
you have your results.  But in the end, what if the executives all
happen to think like other executives and pick sites that had technology
chosen by executives as opposed to knowledgable and competent technical
people?  Well, ask them, since all the other lemmings are going to run
off the cliff, will you?  Or will you be a leader?

This may be hearsay to you, but I experienced first hand working at an
internet company.  We had about 20-30 customer and company computers as
servers, various flavors of unix, mostly Linux or FreeBSD, and about 3-4
WinNt4/Win2k servers.  We spent about 20-40 times more effort working on
the 3-4 Windows computers.  It would take less time to "make world" on
FreeBSD than it would to resolve half the Windows problems; and the end
result of the first was one of the most up-to-date, rock-solid INTERNET
operating systems, the result of another was something that limped along
a few more days or weeks until the next major bug/virus/exploit/crash/or
undefined behaviour that M$ denied existence of and who's solution was
usually to reinstall or better yet, upgrade (which left not less, but
more problems with compatibility, interoperability, and new sets of bugs
in yet-again unproven platforms).  So ask your executives if they have
the desire to hire a lot more people to maintain their M$ slavery.

<SoapBox>
M$ creates TOY operating systems, FreeBSD or even Linux create solid,
stable, proven platforms for operating systems which need to be
connected to the Internet for weeks at a timewithout reboots or
crashing.  Anyone who keeps their software up to date is going to reboot
when they install a new kernel, unavoidable, and not a big deal.  I'd
rather have a machine with less kernel bugs which I reboot every 4-8
weeks, than a machine with a growing number of discovered bugs and
exploit codebase, with several months or years of uptime.  Such
egotistical uptime obsession leads to rooted boxes, IMHO.  Just because
it CAN run for years unattended doesn't mean it is WISE to do so.  ;-)
</SoapBox>

Leif

P.S. Please forgivemy missing spaces, my keyboard spacebar has died.

========================
HTTP Server response header
========================
<defiant> [2004-04-30@00:02:13] /var/www -> telnet hotmail.com 80
Trying 64.4.32.7...
Connected to lc1.bay0.hotmail.com.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: hotmail.com

HTTP/1.1 302 Redirected
Date: Fri, 30 Apr 2004 04:03:49 GMT
Connection: close
Server: Microsoft-IIS/5.0
Location: http://lc1.bay0.hotmail.passport.com/cgi-bin/login

Connection closed by foreign host.
<defiant> [2004-04-30@00:08:14] /var/www ->

========================
nmap TCP fingerprint OS detection
========================
<defiant> [2004-04-30@00:26:12] /var/www -> nmap -v -O
lc1.bay0.hotmail.passport.com

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-04-30 00:26
EDT
Host 64.4.32.7 appears to be down, skipping it.
Note: Host seems down. If it is really up, but blocking our ping probes,
try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 12.560
seconds
<defiant> [2004-04-30@00:26:33] /var/www -> nmap -v -O -P0
lc1.bay0.hotmail.passport.com

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-04-30 00:26
EDT
Host lc1.bay0.hotmail.com (64.4.32.7) appears to be up ... good.
Initiating SYN Stealth Scan against lc1.bay0.hotmail.com (64.4.32.7) at
00:26
Adding open port 443/tcp
Adding open port 80/tcp
The SYN Stealth Scan took 375 seconds to scan 1659 ports.
Warning:  OS detection will be MUCH less reliable because we did not
find at least 1 open and 1 closed TCP port
For OSScan assuming that port 80 is open and port 35248 is closed and
neither are firewalled
Interesting ports on lc1.bay0.hotmail.com (64.4.32.7):
(The 1657 ports scanned but not shown below are in state: filtered)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
Device type: broadband router|general purpose
Running: D-Link embedded, Apple Mac OS X 10.1.X
OS details: DI-701 Residential Gateway or KA9Q NOS - KO4KS-TNOS v. 2.30,
Apple Mac OS X Server 10.1.2 (ppc)
Uptime 9.842 days (since Tue Apr 20 04:21:10 2004)
TCP Sequence Prediction: Class=random positive increments
                         Difficulty=1095035 (Good luck!)
IPID Sequence Generation: Broken little-endian incremental

Nmap run completed -- 1 IP address (1 host up) scanned in 384.428
seconds
<defiant> [2004-04-30@00:33:12] /var/www ->




----- Original Message ----- 
From: "Laura Vance" <vancel@winfreeacademy.com>
To: <users@httpd.apache.org>
Sent: Thursday, April 29, 2004 11:01 AM
Subject: Re: [users@httpd] Apache web server reference


> Another interesting note is that when IE 6 (I think that's the
version,
> it might have been 5) was released, MS had a server farm with (I've
> heard) 20 to 30 servers with that file available for download.  It was
> an HTTP download, and the demand crashed their entire server farm.  I
> also heard that there was one apache server sitting somewhere that had
> it available for download at the same time, and that server not only
> stayed up, but it set some sort of record for downloads in a 24/hr
period.
>
> I've never heard an "official" verification of this report, but it
> sounds reasonable/realistic to me.
>
> Andy Harrison wrote:
>
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >On Thu, 29 Apr 2004 06:48:00 -0400, Sternbergh, Cornell wrote
> >Subject: "RE: [users@httpd] Apache web server reference"
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> >
> >
> >> Is Hotmail running on Apache?  (They'd found that Microsoft
O/S/server's
> >> couldn't handle the load, and they went to Linux;-)
> >>
> >>
> >
> >False.  Before MS bought them, it was all solaris.  After buying
them,
> >MS tried to switch it to their o/s.  Obviously it couldn't handle it
> >so they switched back.  AFAIK they use their o/s for the front end
> >stuff, but the rest is done by solaris.
> >
> >
> >
>
> -- 
> Thanks,
> Laura Vance
> Systems Engineer
> Winfree Academy Charter Schools, Data-Business Office
> 1711 W. Irving Blvd. Ste 310
> Irving, Tx  75061
> Web: www.winfreeacademy.com
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message