[LINK] What is wrong with this picture? [previous topic: ASX web site hacked]

Balmik Soin vyxn@vyxn.net
Mon, 28 Feb 2000 20:28:09 +0800 (WST)


hey rick,

they have a solaris box either as a proxy/firewall setup or a loadsharing
setup sitting IN FRONT of the NT box... so when checking the web server
flags they get IIS, but when doing the TCP fingerprint it comes out as
solaris...

it's quite common actually, and a lot of people get thrown by it.

more interestingly... nmap matches the TCP fingerprint to:
Cisco X.25/TCP/LAT Protocol Translator ver 8.2(4)

so perhaps it's not solaris at all, but a loadsharing machine?

Balmik.

On Mon, 28 Feb 2000, Rick Welykochy wrote:

> The Aussie Stock Exchange site is online again, after being
> out of commission due to a hack attack on the weekend.
> 
> I've heard of Microsoft NT/IIS server systems masquerading as Apache,
> but this is getting a bit ridiculous:
> 
> http://www.netcraft.com/whats/?host=www.asx.com.au
> 
> 
> Result:
> --------------------------------------------------------------------------------------
> 
> 
> www.asx.com.au
>        
>                 www.asx.com.au is running Microsoft-IIS/4.0 on Solaris 
>                 
>  Microsoft-IIS is also being used by Compaq, Nasdaq, and The National Football League. 
>      Solaris users include General Motors, General Electric, AT&T, and PepsiCo.
> 
> --------------------------------------------------------------------------------------
> 
> And we thought that never the twain would meet.
> 
> -rick w
> 
> 
> --
> Rick Welykochy || Praxis Services Pty Limited
>
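
The mismatch discussed in this thread (an IIS banner on an address whose TCP fingerprint reads as Solaris or a Cisco device) can be checked for when reconciling asset-inventory records. The sketch below is an added example, not code from either poster; the product-to-OS table, the keyword patterns and the function names are assumptions made for illustration.

```python
import re

# Assumption: OS families each server product runs on natively (illustrative, not exhaustive).
NATIVE_FAMILIES = {
    "microsoft-iis": {"windows"},
    "apache": {"windows", "unix"},
}

# Assumption: keyword patterns mapping a free-text stack fingerprint label to a family.
# Network devices are tested first so a label such as "Cisco ... TCP ..." is not misread.
FAMILY_PATTERNS = [
    ("network-device", re.compile(r"cisco|translator|load.?balanc|firewall|router", re.I)),
    ("windows", re.compile(r"windows|\bnt\b", re.I)),
    ("unix", re.compile(r"solaris|sunos|linux|bsd|aix|hp-ux", re.I)),
]


def product_of(server_header):
    """'Microsoft-IIS/4.0' -> 'microsoft-iis' (version and comments dropped)."""
    m = re.match(r"\s*([^/\s(]+)", server_header or "")
    return m.group(1).lower() if m else None


def family_of(stack_label):
    """Map a stack fingerprint label to a coarse family, or None if unrecognised."""
    for family, pattern in FAMILY_PATTERNS:
        if pattern.search(stack_label or ""):
            return family
    return None


def reconcile(server_header, stack_label):
    """Compare the HTTP banner with the TCP/IP stack guess recorded for one address."""
    native = NATIVE_FAMILIES.get(product_of(server_header))
    family = family_of(stack_label)
    if native is None or family is None:
        return "unknown"
    if family in native:
        return "consistent"
    # The two layers disagree: a proxy or load balancer may be answering the TCP
    # handshake, the banner may have been rewritten, or the fingerprint is imprecise.
    # Keep both observations in the inventory instead of collapsing them into one OS.
    return "layer-mismatch"


# Constructed sample records using the values quoted in the thread.
if __name__ == "__main__":
    for label in ("Solaris", "Cisco X.25/TCP/LAT Protocol Translator ver 8.2(4)"):
        print(label, "->", reconcile("Microsoft-IIS/4.0", label))
```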