joe7

That is not always an option and still the version would be displayed.

OK so having ssh version and server software know is bad. Lets fix this. Thanks. That will be useful. Really? So that means there is no way to hide or fake the version without breaking things? Having a version reply show up in a web browser seems old for ssh. At least that should be disabled some how, but if a scanner can find the version then there is no point.

I took the IP address of a website and append :22 to the end and got this return SSH-2.0-OpenSSH_ver-num The version is several versions old I think that is bad because its telling a possible attacker what version of openSHH they are running so the attacker would know what exploits to try to run. Then I ran curl to see what server software they are running curl -I IP address ... Server: Microsoft-IIS/6.0 This too is bad for the same reason. How can this information be hidden? Could a scanner have found this information? Does this information being available even matter?

Is it even a concern to try to make finding a company IP address hard?

If the company has their email and website hosted outside their network then the attacker would be left wih using social engineer, physical access, or web service exploits to find the company's IP address?

Can the IP address be falsified while allowing the receiver to reply to the true sender? The company could use an external email host system so they would not be giving out their IP. The mail would just be routed to them and the IP address would not have to be falsified. Is hiding the company's IP address a legitimate concern? Pinging a web address will return an IP address. Requesting header information(curl -I www.example.com) will usually return server information. How could that be useful in attacking a website? The IP address is not the direct web server being targeted, but the header information is from the target server. Beyond that it seems like the means of attack are dealing with dynamic nature of a website to hopefully inject or exploit services through it. Are there other common methods of website attack? What is the gain for attacking a website? DoS, defacing, multiple forms of data extraction?

Company X has a website and an internal network. The website is hosted by a provider; the site is not on X's network. X's network has Internet access so they can browse, send email etc. The website is the public world access to the company. They can see and read up about the company. All good and dandy. X's internal network has security measures in place, that any good company should; IDS, IPS, firewalls, IPtables galore. An attacker(or what have you) wants to breach company X's internal network for what ever purpose. To do so, the attacker needs to know how the company connects to the Internet. The company's connection is referenced by their assigned IP address from their ISP. How can an attacker find the IP address of the company and how can the company make such information hard to obtain? A ping sweep is not practical and so is trying to attack the ISP. Could one possible option be breaching the company website to try and find traffic information that points to the company's IP address? I can't think of any other way of finding the IP address of the company. I know if the attacker as physical access to the network he could directly jack in or setup a rouge wireless AP. Or the attacker can gain documents or verbal communication to discover VPN info or other remote access methods. But I want to know how it is possible for an attacker to determine how to remotely access the company's network without using the aforementioned techniques. This brings up another question. In a typical set up a website is not hosted directly by a company X. The site is hosted by a hosting business. To be more efficient and modern Hosts use visualization. So when sending pings or other traffic to a website it is not directly hitting one entity. The traffic is being routed internally; it hits the routing machines, then the server running the VM, directed to the right VM, and finally processed appropriately by the localized server software. In short when pining a website you are indirectly touching a single server. So how can a single website be compromise when there are so many layers of the hosting framework? It seems like the target server is buried far away and just getting to one site requires breaking through many systems merely for one target. Does the VM host server have to be compromised first? I know SQL injections will leak private data that could be useful in attacking a website. Where and what security measures need to placed to prevent website directed attacks?