[SATLUG] Presidential Candidate Websites
Jon Mark Allen
jm at allensonthe.net
Mon Sep 15 22:01:08 CDT 2008
On Mon, Sep 15, 2008 at 15:22, Ernest De Leon <edeleonjr at gmail.com> wrote:
> That was actually something I thought about...perhaps they are behind some
> F5's that were configured to respond as IIS? That would be pretty odd, but
> then again, it would be pretty funny.
Not too long ago, I worked for a company that used F5's. It's true you
*could* configure them to change the server banner (with what F5 calls
an "iRule" which is really just a python script), but it'd be *much*
simpler to change the banner in the webserver itself (which can always
The typical OS fingerprinting process doesn't (necessarily) concern
itself with the server banner. I usually look at TCP or ICMP
For instance, the Time to Live (TTL) field is a good place to quickly
look for a rough guess at the remote OS.  has a good overview of
the default values per OS. And a slightly more in-depth look of some
other fields of interest when fingerprinting is available at .
(Disclaimer: I wrote that paper :-) )
/* If you haven't found something strange during the day, it hasn't been
much of a day.
-- John A. Wheeler */
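
Added example, not part of the original message: a small Python sketch of the TTL-based rough guess described above, compared against the OS family a Server banner claims. The default TTL table, the 32-hop cutoff, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

# Widely documented default initial TTLs; any host can be configured differently.
INITIAL_TTLS = {64: "Linux/BSD/macOS", 128: "Windows", 255: "network gear/Solaris"}
MAX_PLAUSIBLE_HOPS = 32  # assumption: longer paths are treated as ambiguous

def parse_ipv4_ttl(packet: bytes) -> int:
    """Return the TTL byte of a raw IPv4 header after basic sanity checks."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    return packet[8]

def guess_from_ttl(observed: int):
    """Round up to the nearest default initial TTL; the gap is the hop count."""
    if not 1 <= observed <= 255:
        raise ValueError("TTL out of range")
    initial = min(t for t in INITIAL_TTLS if t >= observed)
    hops = initial - observed
    family = INITIAL_TTLS[initial] if hops <= MAX_PLAUSIBLE_HOPS else "ambiguous"
    return family, hops

def banner_family(server_header: str) -> str:
    """Map a Server banner to the OS family it claims (coarse, illustrative)."""
    s = server_header.lower()
    if "iis" in s or "microsoft" in s:
        return "Windows"
    return "unknown"

def compare(packet: bytes, server_header: str) -> dict:
    """Report whether the banner's implied OS agrees with the TTL-based guess."""
    family, hops = guess_from_ttl(parse_ipv4_ttl(packet))
    claimed = banner_family(server_header)
    consistent = claimed == "unknown" or family == "ambiguous" or claimed == family
    return {"ttl_guess": family, "hops": hops, "banner": claimed, "consistent": consistent}

def make_header(ttl: int) -> bytes:
    """Constructed sample: minimal IPv4/TCP header using documentation addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, ttl, 6, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))

if __name__ == "__main__":
    print(compare(make_header(52), "Microsoft-IIS/6.0"))
```

When a proxying load balancer terminates the connection, the TTL seen by the client is the load balancer's, so a mismatch here describes the front-end device rather than the web server behind it.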