Re: Banner Grabbing

From: Jamie Riden (jamie.riden@gmail.com)
Date: Thu Dec 21 2006 - 23:16:34 EST

• Next message: Jamie Riden: "Re: Port 1443"
• Previous message: Richards, Jim: "RE: Port 1443"
• Maybe in reply to: Michael J Condon: "Banner Grabbing"
• Next in thread: Jamie Riden: "Re: Banner Grabbing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On 22/12/06, Michael J Condon <mjc001@jjuno.com> wrote:
> What steps can be used to prevent "OS Banner Grabbing" by the client? Also,
> what is the best method or "attack" to get to a banner on MS and non MS
> Operating Systems?

[resend, bounced due to nonsubscribed address]

Banner grabbing: 'telnet victim.example.com <port>' will often get you
a banner. My favourite is 'nmap -sV victim.example.com' which will do
all the work for you.

To prevent banner grabbing, you can alter or hide banners for various
services, but since many exploits are automated and a lot of people
launch attacks blindly, I don't see this as a must-do item. There are
other ways of identifying services other than reading the welcome
banner, and it won't help you if your service is actually vulnerable.

cheers,
 Jamie

--
Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com
NZ Honeynet project - http://www.nz-honeynet.org/

• Next message: Jamie Riden: "Re: Port 1443"
• Previous message: Richards, Jim: "RE: Port 1443"
• Maybe in reply to: Michael J Condon: "Banner Grabbing"
• Next in thread: Jamie Riden: "Re: Banner Grabbing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:29 EDT