Re: Server Hacking

Roger Gonzalez writes:
 > Okay, you wise guys.  There's a crucial issue on the table:
 > I've gotten several connections with "User-agent" headers that contain
 > things like:
 >   User-agent: SomeGuyTyping/1234.1234 (ha ha)
 > and
 >   User-agent: TelnetHacker/1.1
 > As you can see, there is vast potential for screwing up vital client s/w
 > statistics-gathering.  We simply must standardize how we snoop each
 > others servers.  :-)

You should not blindly trust (or even use automatically, or put back
in web 'stats' pages) any client sent header or you'll get bad
I think that ppl using telnet should not put in any User-agent:
(ok sometimes you must put fake mozillas,... to get the page you want)
Then, for instance I use "w3getv/0.1" for my simple w3getv that just
do an 'HEAD / HTTP/1.0' or "dlgeturl/2.4" when I use my geturl
version, and I imagine that everyone writing his minimal client throw
in his own header, which is not a bad thing as it allows you to know
somehow what 'tool' is used.... Of course ppl can joke/cheat, but
unless you get digital signature of headers you can not avoid it
{is that forseen ?}

Laurent Demailly * * Linux|PGP|Gnu|Tcl|...  Freedom
Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept

terrorist cryptographic genetic Khaddafi security DST Croatian

Received on Monday, 16 October 1995 09:26:44 UTC