Montana State University
Jeff Rowe and Karl Levitt
University of California, Davis
Cyber attacks continue to increase in sophistication. Advanced attackers often gather information about a target system before launching a precise attack to exploit a discovered vulnerability. This paper discusses techniques for remote identification of web servers and suggests possible defenses to the probing activity. General concepts of fingerprinting and their application to the identification of Web servers, even where server information has been omitted are described and methodologies for detecting and limiting such activity are discussed.
Keywords: Webserver Fingerprinting HTTP
Read Paper (in PDF)