Re: Change the Remoting User-Agent string ?
From: Ken Kolda (ken.kolda_at_elliemae-nospamplease.com)
Date: 12/27/04
- Next message: Ken Kolda: "Re: Serialization question with remoting"
- Previous message: Mehdi Mirzaie: "Local Server vs Remote Server"
- In reply to: Brian Anderson: "Re: Change the Remoting User-Agent string ?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 27 Dec 2004 08:17:04 -0800
If you're worried about this level of stealth and the possibility of
snooping, you're certainly using SSL to encrypt the transmisions. In that
case, the User Agent string is as protected as any of the rest of the HTTP
communication from eavesdropping.
Ken
"Brian Anderson" <nospam@127.0.0.1> wrote in message
news:urcy5Oa6EHA.1204@TK2MSFTNGP10.phx.gbl...
> Think about what kind of information is given from the Clients to the
> Server:
>
>
Mozilla/4.0+(compatible;+MSIE+7.0b;+Windows+7.0.1942.0;+MS+.NET+Remoting;+MS
> > > +.NET+CLR+3.0.1942.7528+)
>
> Everybody who intercepts this string can run fine tuned attacks against
the
> client as he knows quite well what is going on.
> Today, you won't give out any information about yourself if you don't have
> to.
> You might even have signed a paper with your cusomers that disallows your
> Remoting Client to transmit any internal information into the outside
world.
> Giving detailed info about the Client OS IS internal information.
> When I pass the default User-Agent string, it's kind of spying out my
> customers and it's completely useless to transmit this string in normal
> Remoting scenarios.
>
> Hiding this string and tell the Server + Client to pass only strings like
> "MyTool Client 1.0" or "MyServer 1.0" helps to make the communication a
bit
> more stealth.
>
>
>
> ---
>
> "Sam Santiago" <ssantiago@n0spam-SoftiTechture.com> wrote in message
> news:uJr3FyU6EHA.2512@TK2MSFTNGP09.phx.gbl...
> > I guess the bigger question would be why do you want to do this?
> >
> > Thanks,
> >
> > Sam
> >
> > --
> > _______________________________
> > Sam Santiago
> > ssantiago@n0spam-SoftiTechture.com
> > http://www.SoftiTechture.com
> > _______________________________
> > "Brian Anderson" <nospam@127.0.0.1> wrote in message
> > news:O1E$o355EHA.1524@TK2MSFTNGP09.phx.gbl...
> > > Hello,
> > >
> > >
> > > a Client using HTTP-Binary sends a User string like this to the
server:
> > >
> > >
>
Mozilla/4.0+(compatible;+MSIE+7.0b;+Windows+7.0.1942.0;+MS+.NET+Remoting;+MS
> > > +.NET+CLR+3.0.1942.7528+)
> > >
> > > Now I wonder if it's possible to override this string with something
> > > shorter
> > > like "MyTool 1.0a".
> > >
> > > It seems that in System.Remoting.dll the constructor of this string is
> > > hardcoded and not accessable :(
> > >
> > > <snip>
> > > // transport sender sink used by HttpClientChannel
> > > internal class HttpClientTransportSink :
> BaseChannelSinkWithProperties,
> > > IClientChannelSink
> > > {
> > > private const String s_defaultVerb = "POST";
> > >
> > > private static String s_userAgent =
> > > "Mozilla/4.0+(compatible; MSIE 6.0; Windows " +
> > > "; MS .NET Remoting; MS .NET CLR " +
> > > System.Environment.Version.ToString() + " )";
> > > </snip>
> > >
> > >
> >
> >
>
>
- Next message: Ken Kolda: "Re: Serialization question with remoting"
- Previous message: Mehdi Mirzaie: "Local Server vs Remote Server"
- In reply to: Brian Anderson: "Re: Change the Remoting User-Agent string ?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
