Re: How to Hide the IIS FTP Banner ?

From: Alun Jones [MS MVP - Security] (alun_at_texis.invalid)
Date: 05/18/04

    Date: Tue, 18 May 2004 17:35:22 GMT
    
    

    In article <kf9ka05mkbfaaaljh5i7elc3g8c32u68rb@4ax.com>, Paul Lynch
    <paul.lynch@nospam.com> wrote:
    >So then making it that bit harder for them to find out that
    >information has to be a good thing, no ? If their social engineering
    >or fingerprinting skills aren't up to scratch then you've just reduced
    >their attack surface that bit more, no ?

    Not really, no. Someone who's targeting you will not rely on any
    information that is given to them, and will collect a bunch of information
    before starting their attack. They have to believe that they will be
    detected, so they have a short window of time to do the actual attack. So,
    they will collect as much information as possible ahead of time.

    >Agreed, but if you were savvy enough to try and mask your server's
    >true identity then one would *assume* that you wouldn't be running a
    >vulnerable server in the first place so it wouldn't make any
    >difference anyway for such an attack.

    How do you know that the server is vulnerable or not? There is no way to
    know, until a vulnerability is discovered and announced, that your server
    has a vulnerability.

    >I wasn't aware of this. Have you got any examples of clients which
    >take advantage of this and what functionality you break if you mask
    >the server ID ? Just curious....

    Any FTP client that has a setting for you to specify what kind of server
    you're connecting to. You'd have to ask the client authors about that, it's
    not something that has greatly interested me. The point is that they have
    the feature, and it would be a waste if it was unnecessary.

    Alun.
    ~~~~

    [Please don't email posters, if a Usenet response is appropriate.]

    -- 
    Texas Imperial Software   | Find us at http://www.wftpd.com or email
    1602 Harvest Moon Place   | alun@texis.com.
    Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
    Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
    
