Hello Ralph,

Sunday, May 19, 2002, 10:50:23 AM, you wrote:

RD> I often like to know if a particular web server is running Unix or
RD> Winblows. A port scanner is a useful tool in making that determination.

[allan@ns1 phpdig]$ telnet www.istop.com 80
Trying 216.187.106.194...
Connected to dci.doncaster.on.ca (216.187.106.194).
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Sun, 19 May 2002 01:47:57 GMT
Server: Apache/1.3.22 (Unix) FrontPage/4.0.4.3 PHP/4.1.2 mod_fastcgi/2.2.8

RD> Sure, it works on some servers, but try it on yahoo.com, cnn.com, ...

As I think Eddy already mentioned, you can try Netcraft. Of course in the cases of Yahoo and CNN you have an Akamai factor...though CNN does return some useful information:

telnet www.cnn.com 80
Trying 207.25.71.20...
Connected to www1.cnn.com (207.25.71.20).
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 200 OK
Server: Netscape-Enterprise/4.1
Date: Sun, 19 May 2002 14:58:55 GMT
Last-modified: Sun, 19 May 2002 14:58:55 GMT
Expires: Sun, 19 May 2002 14:59:55 GMT
Cache-control: private,max-age=60
Content-type: text/html
Connection: close

And, you can also try the direct approach: e-mail the webmaster and ask :).

I guess the point I am trying to make is that there are ways of finding out this information without having to resort to portscans. The example of the bank is a very good one. With all of the security risks involved in managing a web server, and the associated database, it seems very important to ask the bank for an explanation of the steps they have taken to secure their website, and their customer database. If they don't give a satisfactory bank somewhere else (or offer your services ;)). Certainly that is a better approach than scanning to see what you can find out. The organization receiving the scan has no way of knowing what your intentions are -- and should interpret them as hostile.

allan

--
allan
allan@allan.org
http://www.allan.org
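Added example, not part of the original message: a short Python parser that breaks the Server header from the two responses quoted above into products, versions and comments, the kind of check an administrator can run against their own server's banner to see what it discloses. The function names are hypothetical, and the CNN response is abridged to the headers that matter here.

```python
import re

# Response heads copied from the two telnet sessions quoted in the message (CNN abridged).
ISTOP_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Sun, 19 May 2002 01:47:57 GMT\r\n"
    "Server: Apache/1.3.22 (Unix) FrontPage/4.0.4.3 PHP/4.1.2 mod_fastcgi/2.2.8\r\n"
    "\r\n"
)
CNN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Netscape-Enterprise/4.1\r\n"
    "Date: Sun, 19 May 2002 14:58:55 GMT\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# One Server token: either a "(comment)" or a "product[/version]".
TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/(\S+))?")


def parse_headers(raw):
    """Return (status_line, {lower-cased header name: value}) for a raw response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def server_disclosure(raw):
    """Split the Server header into (product, version) pairs and comments such as the OS hint."""
    _, headers = parse_headers(raw)
    products, comments = [], []
    for m in TOKEN.finditer(headers.get("server", "")):
        if m.group(1) is not None:
            comments.append(m.group(1))
        else:
            products.append((m.group(2), m.group(3)))
    return {"products": products, "comments": comments}


if __name__ == "__main__":
    for label, raw in (("istop", ISTOP_RESPONSE), ("cnn", CNN_RESPONSE)):
        print(label, server_disclosure(raw))
```

The first banner yields four versioned components plus the `Unix` comment; the second yields one product and no operating system hint.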