9
Jul

Masking the Server in an HTTP header using Cisco ASA.

Written by Brandon Carroll  |  under CCIE Security

Welcome back!

It’s been a bit since I have posted but a lot has been going on. I’ve recently launched my CCNA Mentoring Program, I was a Customer Speaker at CiscoLive in San Francisco, and I’ve had a ton of family and friends at my house. While I had the opportunity to speak this year at CiscoLive one of the attendees requested a configuration that I mentioned when talking about the ASA. The idea was to mask the banner of a web server using the ASA. Referring to the figure below, here is how it works.

  1. The User on the Desktop PC makes a telnet connection to port 80 of the web server.
  2. The User enters GET/ HTTP/1.1
  3. The Server Returns the Bad Request Error with the Server Banner in it Stating that it is an IIS Server
  4. The ASA spoofs that banner making it appear to be an Apache/2.2 Server.

http-spoof

It’s actually acomplished by a very simple MPF configuration as seen below:

access-list HTTP permit tcp any any eq www

class-map HTTP
match access-l HTTP

policy-map type inspect HTTP_SPOOF
parameters
spoof-server "Apache/2/2/0 (Unix)
policy-map HTTP
class HTTP
inspect http HTTP_SPOOF

service-policy HTTP interface outside

Well that’s about it. Hope you find this useful!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Leave a feedback:

Name (required)

Email (required)

Website

Comments

2009 (c) GlobalConfig.net, Using the Minimalistic Theme : Powered by WordPress

Switch to our mobile site