Re: Probe for unannounced web servers in a domain?

To: www-security@ns2.rutgers.edu
Subject: Re: Probe for unannounced web servers in a domain?
From: "Kenneth E. Rowe" <kerowe@aslan.ncsa.uiuc.edu>
Date: Tue, 20 Feb 1996 08:00:09 -0600
In-Reply-To: Richard Huddleston <reh@wam.umd.edu> "Re: Probe for unannounced web servers in a domain?" (Feb 19, 11:04pm)
References: <199602200404.XAA01491@exp3.wam.umd.edu>
Reply-To: "Kenneth E. Rowe" <kerowe@ncsa.uiuc.edu>

On Feb 19,  3:46pm, Prentiss Riddle wrote:
> Subject: Probe for unannounced web servers in a domain?
> I am looking for tools and/or methods for discovering unannounced web
> servers in my domain, a typical heterogeneous unfirewalled university
> site.
>
> My motivation is partly security (to turn over as many rocks as I can
> and see what wriggles out) and partly to automatically publicize
> legitimate servers that students or departments may have set up on
> their own machines.
{stuff deleted}
>-- End of excerpt from Prentiss Riddle

Keep in mind that some folks may have intentionally not advertised their web
server, especially if they are running on non-standard port numbers (e.g. 80,
8080).  I'd be careful about 'automatically' publicizing  servers.

Ken.

-- 
----------------------------------------------------------
Kenneth E. Rowe			kerowe@ncsa.uiuc.edu
Senior Security Engineer /	(217) 244 5270 (office)	
           Security Coordinator	(217) 244 0710 (IRST)
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
*** email irst@ncsa.uiuc.edu for computer incident response ***
----------------------------------------------------------

References:

Re: Probe for unannounced web servers in a domain?

From: Richard Huddleston <reh@wam.umd.edu>

From:

Previous: WWW Corporate Policy Request
Next: Re: Web server update problem
Index(es):
- Index
- Thread