[SATLUG] Presidential Candidate Websites

Todd W. Bucy toddwbucy at grandecom.net
Mon Sep 15 22:15:18 CDT 2008


wouldnt it be simpler to look at thier FEC quartly reports to see who
they are paying then do a little research on the tech companies they pay
out too?

here is obama's quartly debt report
http://query.nictusa.com/pres/2007/Q3/C00431445/D_DEBTS_C00431445.html

here is mccain's
http://query.nictusa.com/pres/2007/Q1/C00430470/B_PAYEE_C00430470.html

Todd

On Mon, 2008-09-15 at 22:01 -0500, Jon Mark Allen wrote:
> On Mon, Sep 15, 2008 at 15:22, Ernest De Leon <edeleonjr at gmail.com> wrote:
> > That was actually something I thought about...perhaps they are behind some
> > F5's that were configured to respond as IIS?   That would be pretty odd, but
> > then again, it would be pretty funny.
> >
> > Ernest
> >
> 
> Not too long ago, I worked for a company that used F5's.  It's true you
> *could* configure them to change the server banner (with what F5 calls
> an "iRule" which is really just a python script), but it'd be *much*
> simpler to change the banner in the webserver itself (which can always
> be fun...)
> 
> The typical OS fingerprinting process doesn't (necessarily) concern
> itself with the server banner.  I usually look at TCP or ICMP
> characteristics instead.
> 
> For instance, the Time to Live (TTL) field is a good place to quickly
> look for a rough guess at the remote OS.  [1] has a good overview of
> the default values per OS.  And a slightly more in-depth look of some
> other fields of interest when fingerprinting is available at [2].
> (Disclaimer: I wrote that paper :-) )
> 
> [1] http://secfr.nerim.net/docs/fingerprint/en/ttl_default.html
> [2] http://www.sans.org/reading_room/whitepapers/protocols/1891.php
> 
> -- 
> JM
> 
> /* If you haven't found something strange during the day, it hasn't been
> much of a day.
> -- John A. Wheeler */



More information about the SATLUG mailing list