[cs615asa] Dishonest Servers

Jan Schaumann jschauma at stevens.edu
Fri May 8 00:15:05 EDT 2020


Mark Freeman <mfreema1 at stevens.edu> wrote:
 
> Do servers commonly lie about what specific technology they are using?

By and large, no.  It is more common for a server to
simply not provide the information than outright lie
about it.

The reason is that generally it can be rather useful
for troubleshooting to be able to quickly and easily
tell what version of the software is running, so
sending the wrong version will likely lead to
confusion for the operational team, while not really
providing much in the way of security.

This is because an attacker is likely to try out any
given attack vector against your system, even if your
system reports as not using the known vulnerable
version.  See "security by obscurity".

-Jan

