Re: How to Hide the IIS FTP Banner ?

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 05/20/04


Date: Thu, 20 May 2004 06:53:43 -0400


"Alun Jones [MS MVP - Security]" <alun@texis.invalid> wrote in message
news:o4pqc.929$TZ1.505@newssvr23.news.prodigy.com...

> There are two scenarios:
>
> 1. You are being deliberately and specifically targeted for an attack.
>
> In this case, the attacker will have numerous ways (social engineering,
> fingerprinting, etc) besides the banner to discover what FTP server you are
> running.

So you should give up and not try to hide your OS at all? Or not do
anything to try to make the OS a little harder to determine?

> Of course, the question then becomes whether there is a downside to changing
> the banner greeting - undoubtedly, the answer is "yes". FTP clients are
> including more and more specific features designed for particular servers.
> As a result, they have to know what server type they are connecting to,
> before they can enable these features. So, you lose functionality when
> connecting to a server that hides its banner.

But those clients can still download and upload files, right? Perhaps some
server admins don't care about that extra functionality. Am I mistaken in
thinking that IIS FTP is a pretty bare-bones FTP service? People that chose
IIS as their FTP server are probably not doing it for any enhanced
functionality. Quite often, "enhanced functionality" means the things that
most people never use, except when a virus or hacker uses them to compromise
their system... such as WebDAV, Index Services, WSH, VBA, etc.

I agree with you that changing the banner is not a large security benefit,
and that most people who pursue it haven't thought about all the other steps
it would also take to hide the OS version being used. However, I do think
that for some scenarios, such as highly secure systems where care has been
taken to mitigate OS fingerprinting and other necessary steps, changing the
banner can still be a good thing to pursue.

Changing the banner is a very common security recommendation, and if
Microsoft fails to give that functionality to customers, it will be
perceived that their OS is lacking common security features. Right or
wrong, this customer perception does have an impact.
