Snort - Information Leak (403)

First time I've had a question that I couldn't find already answered here - Thanks WHT!

I'm new to IDS and installed Snort on a VPS running FC2 w/directadmin and using apf - getting an "Attempted Information Leak" from a "403 Forbidden" error - I understand that this is pretty common and am familiar with the 403.

When I look at the packet capture, I see what looks like a reply from my server which includes php, ssl, perl, frontpage, etc... version numbers. If I telnet to port 80 I get only the 403 page.

Is the version information getting leaked or is this getting blocked somewhere between Snort & the interface?

Just curious, thanks, Ron

 

 

 

 

Top