News from PANUG - August 7, 2001
http://www.panug.org

THE DEATH OF TCP/IP

Patrick Corrigan points out the following article that talks about Microsoft's plan to obsolete TCP/IP and replace it with their own proprietary protocol.

http://www.pbs.org/cringely/pulpit/pulpit20010802.html

WHAT WEB SERVER?
by Ed Sawicki

How can you quickly tell what web server a web site is using? Simple. Run a telnet program on your computer and connect to the web server's port 80. Then issue a HEAD request. The web server will respond with its identity. How do you do this precisely? Here are the steps:

See the end of this article for notes on how to do this with Windows.

From a Linux or Unix command prompt, using Novell's web site as an example:

1. Type "telnet www.novell.com 80". You'll see this:

    Trying 192.233.80.11...
    Connected to www.novell.com.
    Escape character is '^]'.

2. Type these two lines:

    HEAD / HTTP/1.1
    Host: www.novell.com

3. Press the Enter key again (creating a blank line). You'll see something similar to this:

    HTTP/1.1 200 OK
    Server: NetWare-Enterprise-Web-Server/5.1
    Date: Tue, 07 Aug 2001 17:20:45 GMT
    Last-Modified: Fri, 03 Aug 2001 18:14:18 GMT
    Content-Type: text/html

This output will continue on for a few more lines. The Server: line in the output tells you that Novell's web site is running the Netscape Enterprise Server on NetWare.

The above procedure works the same with Windows. Just run the Windows telnet program with the same command line parameters. You may be confused by what you see on the screen. When I tried this on my Windows 2000 computer, the telnet program did not echo to the screen and I couldn't figure out how to enable local echo. So, I typed in the blind and still saw the web server's response.

PROTECTING IIS
by Ed Sawicki

A few days ago I got spammed by a company called Trusecure. The message said that there were 650,000 victims of the Code Red Worm but customers running their security software were not affected.

I'm assuming that a victim is a computer running IIS and not an indication of the number of people affected. If it were people, the number would be in the tens of millions because we're all victims of Code Red whether we run IIS or not. If it's the number of computers running IIS, I'm surprised there are so many servers in the world running IIS and so many people willing to run it given the rich history of security problems with the product.

I was curious whether Trusecure - a security company - used IIS for their own web server. I connected to their web server with a telnet client and sent a HEAD request - as explained in the above article. The response identified the web server as Apache 1.3.11 running on Unix! I connected to port 25 and was greeted by Sendmail running on Unix.

Trusecure sells security products to protect products like IIS but they don't use IIS or any other Microsoft servers. I spoke to their IS manager, and he says that they're a Unix/Linux shop. To run Microsoft servers would invite attacks and increase their costs.

If you MUST run IIS because some suit in your company mandates it, perhaps you should check out the Trusecure security products. Alternatively, you could convince your company to be smart and do what security companies do.

APACHE COURSE

PANUG is co-hosting a 2-day course on the Apache web server on September 5-6. If you're running IIS, here's your chance to do us all a favor and convert.
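
The HEAD exchange from the "What Web Server?" article, as an added example that is not part of the original newsletter: it builds the same request, parses the response the article shows, and reports whether the Server: header discloses a version, which is the check to run against a web server you operate. The function names and the Connection: close header are assumptions of this example.

```python
import re
import socket

# Constructed sample: the response lines quoted in the article, with CRLF endings.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: NetWare-Enterprise-Web-Server/5.1\r\n"
    b"Date: Tue, 07 Aug 2001 17:20:45 GMT\r\n"
    b"Last-Modified: Fri, 03 Aug 2001 18:14:18 GMT\r\n"
    b"Content-Type: text/html\r\n\r\n"
)

def build_head_request(host, path="/"):
    """The article's two typed lines and blank line; Connection: close is added here."""
    if re.search(r"\s", host + path):  # also blocks CR/LF header injection
        raise ValueError("host and path must not contain whitespace")
    return (f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")

def parse_head_response(raw):
    """Return (status_code, headers); header names are lower-cased."""
    text = raw.decode("iso-8859-1").replace("\r\n", "\n")
    lines = text.split("\n\n", 1)[0].split("\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers

def server_banner(raw):
    """Value of the Server: header, or None when the server sends none."""
    return parse_head_response(raw)[1].get("server")

def discloses_version(banner):
    """True when the banner names a version (a digit right after '/')."""
    return bool(banner and re.search(r"/\d", banner))

def fetch_head(host, port=80, timeout=5.0):
    """Send the HEAD request to a server you operate; return the raw response."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_head_request(host))
        return b"".join(iter(lambda: sock.recv(4096), b""))

if __name__ == "__main__":
    print(server_banner(SAMPLE_RESPONSE), discloses_version(server_banner(SAMPLE_RESPONSE)))
```

A banner without a version string makes discloses_version return False, which is the result to aim for when hardening a server's response headers.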