Welcome! Log In Create A New Profile

Re: How to hide kernel information

Forum List Message List New Topic Print View

J.R.

April 28, 2020 11:18AM

> Okay. I exactly don't know how the Security Testing Team is able to get the
> kernel information. They use Qualys and Nessus for performing tests. All I
> can say is only port 443 allowed to the server and I thought asking you
> guys if it is from Nginx or is there any way to handle it. Server is behind
> firewall.

As someone else commented, check your HTTP headers to make sure they
aren't publishing something extremely obvious for the casual scanner.

As for determining kernel version, the web server has zero control
over that. The scanner program you are referring to fingerprints based
on kernel TCP settings / support... i.e. TCP Flags, Window, Options,
MSS, etc... Totally unrelated to nginx, and the same information
could be gathered on any open service / port.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
How to hide kernel information	Praveen Kumar K S	April 28, 2020 12:42AM
Re: How to hide kernel information	gariac	April 28, 2020 01:42AM
Re: How to hide kernel information	Praveen Kumar K S	April 28, 2020 01:56AM
Re: How to hide kernel information	Praveen Kumar K S	April 28, 2020 09:18AM
Re: How to hide kernel information	jvybihal	April 28, 2020 09:32AM
Re: How to hide kernel information	J.R.	April 28, 2020 11:18AM
Re: How to hide kernel information	Praveen Kumar K S	April 28, 2020 11:36AM
Re: How to hide kernel information	gariac	April 28, 2020 04:46PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 162

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018