Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Activity Processors: Header Processor: Incident - Missing All Headers

    Complexity: Low (2.0)

    Default Response: 1x = Slow Connection 2-6 seconds for 1 day and Captcha.

    Cause: Most legitimate web browsers and tools submit at least a few headers with each HTTP request. Headers are used to provide valuable information to the server when trying to construct a response, such as what type of browser the user is using, or what domain name they are trying to access. If a user submits a request that does not contain any headers at all, this incident will be triggered. Note that this incident only triggers on HTTP 1.1 requests (not on HTTP 1.0 requests). Also note that "X-" headers are not counted as headers for this incident.

    Behavior: Not providing any headers at all is generally an activity performed when probing an IP to see if it is running a webserver. The user will submit a minimal request containing 1 line of text, and see if the response given back from the server is an HTTP response. If so, the attacker has confirmed that the IP is hosting a webserver on the given port. In many cases, the attacker will also be able to identify which webserver is running, and if that webserver has any known vulnerabilities. Such information can then be used to attack the webserver directly.

    Published: 2015-02-04