Hi Zafer,
From what I see in the logs on my IDS/IPS system, hackers randomly fire any exploit, even when the servers have advertised what the OS is. I see tons of PHP exploits going to IIS servers and exploits against devices that don't have an open OS.
That's not to say you can't make it difficult for the one guy who is out to exploit your site for the day.
In that case you can hide information from the most common areas:
    when HTTP_RESPONSE {
        # Loop through and remove all instances of the unwanted
        # headers from the server response
        # (Server, Date, X-Powered-By in this example)
        foreach header {Server Date X-Powered-By} {
            # $header is left unbraced so Tcl substitutes the header name;
            # {$header} would be passed as the literal string "$header"
            while { [HTTP::header exists $header] } {
                log local0. "Removing- $header: [HTTP::header value $header]"
                HTTP::header remove $header
            }
        }
    }
I have never tested this out but it's worth taking a look into.
Also check out the HTTP::header wiki. There is an HTTP::header sanitize command that might do a trick or two.
Thanks,
CB
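A client-side check that every instance of the listed headers is actually gone after the rule is applied, as an added example that is not part of CB's post. The function names and both sample responses are constructed for illustration; the header list is the one from the iRule.

```python
# Added example (not from the post): audit a raw HTTP response for headers
# that the iRule's list says should be gone. Sample responses are constructed.
UNWANTED = ("Server", "Date", "X-Powered-By")  # same list as the iRule

def parse_headers(raw):
    """Return [(name, value), ...] from a raw HTTP/1.x response, duplicates kept."""
    head = raw.partition(b"\r\n\r\n")[0].decode("iso-8859-1")
    headers = []
    for line in head.split("\r\n")[1:]:  # [1:] skips the status line
        if line[:1] in (" ", "\t") and headers:
            # Obsolete line folding: continuation of the previous value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def leaked(raw, unwanted=UNWANTED):
    """Map each unwanted header still present to every value it carries."""
    canonical = {h.lower(): h for h in unwanted}  # names are case-insensitive
    found = {}
    for name, value in parse_headers(raw):
        key = canonical.get(name.lower())
        if key is not None:
            found.setdefault(key, []).append(value)
    return found

# Constructed response as a backend might send it: mixed-case names and a
# repeated X-Powered-By, the case the iRule's while loop is written for.
BEFORE = (b"HTTP/1.1 200 OK\r\n"
          b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
          b"server: ExampleHTTPd/1.0\r\n"
          b"X-Powered-By: ExampleFramework\r\n"
          b"Content-Type: text/html\r\n"
          b"X-POWERED-BY: ExampleRuntime/2\r\n"
          b"Content-Length: 2\r\n\r\nok")

# Constructed response as the client should see it once the rule has run.
AFTER = (b"HTTP/1.1 200 OK\r\n"
         b"Content-Type: text/html\r\n"
         b"Content-Length: 2\r\n\r\nok")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        hits = leaked(raw)
        print(label, "->", hits if hits else "no unwanted headers")
```
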