How to hide kernel information
Praveen Kumar K S
praveenssit at gmail.com
Tue Apr 28 15:33:55 UTC 2020
Thank you for your support. I will take all your inputs into consideration
to fix this issue.
On Tue, Apr 28, 2020 at 8:47 PM J.R. <themadbeaker at gmail.com> wrote:
> > Okay. I exactly don't know how the Security Testing Team is able to get
> > kernel information. They use Qualys and Nessus for performing tests. All
> > can say is only port 443 allowed to the server and I thought asking you
> > guys if it is from Nginx or is there any way to handle it. Server is
> > firewall.
> As someone else commented, check your HTTP headers to make sure they
> aren't publishing something extremely obvious for the casual scanner.
> As for determining kernel version, the web server has zero control
> over that. The scanner program you are referring to fingerprints based
> on kernel TCP settings / support... i.e. TCP Flags, Window, Options,
> MSS, etc... Totally unrelated to nginx, and the same information
> could be gathered on any open service / port.
> nginx mailing list
> nginx at nginx.org
*K S Praveen KumarM: +91-9986855625 *
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx