Re: How to Hide the IIS FTP Banner ?

From: Alun Jones [MS MVP - Security] (alun_at_texis.invalid)
Date: 05/18/04


Date: Tue, 18 May 2004 14:28:39 GMT

In article <j92ka0dtovanl7rscnn7n2fpm3ftoc97n6@4ax.com>, Paul Lynch
<paul.lynch@nospam.com> wrote:
>I know that obscurity isn't security but I suppose it can be useful as
>part of the overall picture.

Not really. There are two scenarios:

1. You are being deliberately and specifically targeted for an attack.

In this case, the attacker will have numerous ways (social engineering,
fingerprinting, etc.) besides the banner to discover what FTP server you are
running.

2. You are being attacked as a result of a "scattershot" attack.

In this case, the attacker will be trying the "attack of the day" against a
particular FTP server - he won't be checking the banner, and if you're
running a vulnerable FTP server, you'll be hit.

Of course, the question then becomes whether there is a downside to changing
the banner greeting - undoubtedly, the answer is "yes". FTP clients are
including more and more specific features designed for particular servers.
As a result, they have to know what server type they are connecting to,
before they can enable these features. So, you lose functionality when
connecting to a server that hides its banner.

Okay, so no perceivable gain, and a perceivable loss. Why do it? Because
some idiot at a "security audit company" thought it would sound like a good
idea. Beware of snake-oil vendors.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

