It’s been a bit since I have posted, but a lot has been going on. I’ve recently launched my CCNA Mentoring Program, I was a Customer Speaker at CiscoLive in San Francisco, and I’ve had a ton of family and friends at my house. While I was speaking at CiscoLive this year, one of the attendees requested a configuration that I mentioned when talking about the ASA. The idea was to mask the banner of a web server using the ASA. Referring to the figure below, here is how it works.
- The user on the desktop PC makes a telnet connection to port 80 of the web server.
- The user enters GET/ HTTP/1.1
- The server returns the Bad Request error with the server banner in it, stating that it is an IIS server.
- The ASA spoofs that banner, making it appear to be an Apache/2.2 server.

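It’s actually accomplished by a very simple MPF configuration, as seen below:
! Match HTTP traffic on TCP port 80
access-list HTTP permit tcp any any eq www
class-map HTTP
 match access-list HTTP
! HTTP inspection policy map that replaces the Server header string
policy-map type inspect http HTTP_SPOOF
 parameters
  spoof-server "Apache/2.2.0 (Unix)"
! Apply the inspection to the matched traffic on the outside interface
policy-map HTTP
 class HTTP
  inspect http HTTP_SPOOF
service-policy HTTP interface outside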
Well that’s about it. Hope you find this useful!
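To confirm the policy is doing its job, compare the response headers seen on each side of the ASA. The script below is an added example, not part of the original configuration: `spoof-server` rewrites only the `Server` header field, so it also reports other headers that still disclose the platform. The sample responses, the IIS version string and the list of headers checked are constructed assumptions.

```python
# Added example: audit what a client sees after the ASA rewrites the Server header.
# The sample responses below are constructed for illustration, not captured traffic.

# Assumption: headers other than Server that commonly disclose a Microsoft web stack.
LEAKY_HEADERS = ("x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")


def parse_headers(raw: bytes) -> dict:
    """Return response headers (lower-cased names) from a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_banner(raw: bytes, expected_server: str) -> dict:
    """Compare the Server header with the spoofed value and list residual leaks."""
    headers = parse_headers(raw)
    server = headers.get("server")
    leaks = {h: headers[h] for h in LEAKY_HEADERS if h in headers}
    return {
        "server": server,
        "server_masked": server == expected_server,
        "residual_leaks": leaks,
    }


SPOOFED = "Apache/2.2.0 (Unix)"  # value from the spoof-server command

# Constructed: response as seen directly from the server (inside the ASA).
DIRECT = (b"HTTP/1.1 200 OK\r\n"
          b"Content-Type: text/html\r\n"
          b"Server: Microsoft-IIS/6.0\r\n"
          b"X-Powered-By: ASP.NET\r\n"
          b"Connection: close\r\n\r\n<html></html>")

# Constructed: the same response after passing through the inspect http policy.
THROUGH_ASA = DIRECT.replace(b"Microsoft-IIS/6.0", SPOOFED.encode())

if __name__ == "__main__":
    for label, raw in (("direct", DIRECT), ("through ASA", THROUGH_ASA)):
        print(label, audit_banner(raw, SPOOFED))
```

Any header listed under `residual_leaks` has to be removed on the web server itself, since the ASA policy above does not touch it.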







