The Microsoft Internet Information Server (IIS) Worm Wars of 2001 demonstrated that not all web servers are equally secure. The multiple rounds of rapidly spreading IIS worms dramatized a fact that had been troubling security professionals for quite some time: Compared to the other popular web server solutions, Microsoft’s offerings generate a continuous stream of serious security problems. Moreover, unlike embarrassing but comparatively benign problems such as web site defacement, Microsoft’s security vulnerabilities usually place the web site’s visitor data at risk of theft and malicious exploitation.
During the last quarter of 2001 we saw an increase in eMail asking if there was any way to tell what server software any given web site was using. Presumably, these users were either curious, or they intended to use that information, if it were available, to help choose which sites they would prefer not to entrust with their confidential and personal data.
This information is readily available . . .
Although the make, model, and version of most web sites’ server software has always been available to client programs, it has never before been important or particularly interesting to most web site users. Recently, for at least some users, this appears to have changed. Since I have also sometimes wondered about the security and server software used by “off the beaten path” web sites, I decided to whip up “ID Serve”, a simple, free, small (26 kbytes), and fast, general purpose Internet server identification utility.
While I was at it, I added a few additional features . . .
While I was writing ID Serve, I decided to toss in a few more features to make it more broadly useful. Here’s the short list of ID Serve’s capabilities:
HTTP Server Identification: As stated above, and as shown in the sample screen shot above, ID Serve can almost always identify the make, model, and version of any web site’s server software. This information is usually sent in the preamble of replies to web queries, but it is not shown to the user.
Non-HTTP Server Identification: Most non-HTTP (non-web) Internet servers (like FTP, SMTP, POP, NEWS, etc.) are required to transmit a line containing a numeric status code and a human readable greeting to any connecting client. So ID Serve can also connect with non-web servers to receive and report that server’s greeting message. This generally reveals the server’s make, model, version, and other potentially useful information.
Reverse DNS Lookup: As shown in the image above, most ID Serve users will enter a site’s or server’s domain name or URL. ID Serve will then use the domain name system (DNS) to determine the IP address for that domain. But sometimes it’s useful to go in the other direction to determine the domain name associated with a known and provided IP. This process, known as “reverse DNS lookup”, is also built into ID Serve. Simply enter any IP address and ID Serve will attempt to determine the associated domain name.
Additional applications for ID Serve:
Simple Cookie Scout: If you are curious about the appearance, format, expiration, and use of a web site’s browser cookies, ID Serve can be a convenient way to examine a web site’s cookies without either providing or accepting that site’s cookies. Simply scroll back through the “Server query processing” window to examine the “Cookie:” header lines sent by the site’s web server.
Simple Port Probe: ID Serve uses the standard Windows TCP protocol when attempting to connect to a remote server and port. Just like our ShieldsUP! port probe, ID Serve will display either connection success (an open port), or connection failure. In the event of a connection failure, ID Serve determines and displays whether the port is closed or stealth. ID Serve can, therefore, be used as a simple probe of any port on any remote machine.
That’s all there is to it.
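The identification steps described above can be sketched in a few lines of Python; this is an added example, not ID Serve's own code. The function names `grab` and `identify` and the sample replies are constructed for illustration, and the parser reads either an HTTP reply preamble (server header and cookie-setting lines) or a numeric-coded greeting line.

```python
import re
import socket

def grab(host, port, probe=b"", timeout=5.0):
    """Connect, optionally send a probe, and return the first bytes of the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        return s.recv(4096)

def identify(raw):
    """Classify a server's first reply as an HTTP preamble or a plain greeting."""
    text = raw.decode("latin-1")
    lines = text.split("\r\n\r\n", 1)[0].splitlines()
    if not lines:
        return {"kind": "none"}
    if lines[0].startswith("HTTP/"):
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:  # header names are case-insensitive; keep every value
                headers.setdefault(name.strip().lower(), []).append(value.strip())
        return {"kind": "http", "status": lines[0],
                "server": headers.get("server", [None])[0],
                "cookies": headers.get("set-cookie", [])}
    m = re.match(r"(\d{3})[ -](.*)", lines[0])
    if m:  # FTP/SMTP/NNTP style: three-digit code, then greeting text
        return {"kind": "greeting", "code": int(m.group(1)), "text": m.group(2)}
    return {"kind": "unknown", "text": lines[0]}

# Constructed sample replies (not captured from any real server).
HTTP_SAMPLE = (b"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
               b"SERVER: ExampleHTTPd/1.0\r\nSet-Cookie: id=abc; Path=/\r\n"
               b"Set-Cookie: theme=dark\r\n\r\n<html>")
SMTP_SAMPLE = b"220 mail.example.test ExampleMTA 1.0 ready\r\n"
HIDDEN_SAMPLE = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"  # no Server header sent

if __name__ == "__main__":
    for sample in (HTTP_SAMPLE, SMTP_SAMPLE, HIDDEN_SAMPLE):
        print(identify(sample))
```

To see what a server you operate discloses, pass `identify` the bytes returned by `grab(host, 80, b"HEAD / HTTP/1.0\r\n\r\n")`; for a mail or FTP server, call `grab` with no probe, since the greeting is sent on connect.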