Re: Banner Grabbing

To:	pen-test@securityfocus.com
Subject:	Re: Banner Grabbing
From:	"Jamie Riden" <jamie.riden@gmail.com>
Date:	Fri, 22 Dec 2006 17:16:34 +1300
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=RnSQ+jQL/Rn2kHQt0PgCUOl5rRyABY0vTaEjAtHmw4TABIilYLKYwNL8F9WBGW87ShSwUyhy4bN95gYqnXAwA8Rx533HYdupN0uuhn3c/LqGuPa6FocIVJn4zLmngPIsI5SzuapVWOX4wbFrrSVa67z5qVS8GvFuq3p/eKlu3BA=
In-reply-to:	<17b0fcab0612211955t574eab1bn410f8d7b34c187c8@mail.gmail.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<20061217214314.31307.qmail@securityfocus.com> <458628A2.9030208@dmzs.com> <a43117df0612180009t3f572594k56dbeeef976cbcb4@mail.gmail.com> <45869D9F.4070108@dmzs.com> <e5c44eea0612210738t47695f9ele13a0c8060d18e21@mail.gmail.com> <052401c72551$230494f0$0300a8c0@m1chomelab.com> <17b0fcab0612211955t574eab1bn410f8d7b34c187c8@mail.gmail.com>
Resent-date:	Thu, 21 Dec 2006 20:15:14 -0700 (MST)
Resent-from:	pen-test-return-1078483312@securityfocus.com
Resent-message-id:	<20061222031514.E9D382372D9@outgoing3.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

On 22/12/06, Michael J Condon <mjc001@jjuno.com> wrote:

What steps can be used to prevent "OS Banner Grabbing" by the client? Also,
what is the best method or "attack" to get to a banner on MS and non MS
Operating Systems?


[resend, bounced due to nonsubscribed address]

Banner grabbing: 'telnet victim.example.com <port>' will often get you
a banner. My favourite is 'nmap -sV victim.example.com' which will do
all the work for you.

To prevent banner grabbing, you can alter or hide banners for various
services, but since many exploits are automated and a lot of people
launch attacks blindly, I don't see this as a must-do item. There are
other ways of identifying services other than reading the welcome
banner, and it won't help you if your service is actually vulnerable.

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com
NZ Honeynet project - http://www.nz-honeynet.org/

<Prev in Thread]	Current Thread	[Next in Thread>
PCI Compliance (Vulnerability Scans), 09sparky RE: PCI Compliance (Vulnerability Scans), Erin Carroll Re: RE: PCI Compliance (Vulnerability Scans), 09sparky Re: PCI Compliance (Vulnerability Scans), David M. Zendzian Re: PCI Compliance (Vulnerability Scans), Vivek Chudgar Re: PCI Compliance (Vulnerability Scans), David M. Zendzian Re: PCI Compliance (Vulnerability Scans), bf Re: PCI Compliance (Vulnerability Scans), David M. Zendzian Banner Grabbing, Michael J Condon Message not available Re: Banner Grabbing, Jamie Riden <= Message not available Re: Banner Grabbing, Jamie Riden Re: Banner Grabbing, Dan Catalin Vasile Re: Banner Grabbing, sami ghourabi Message not available Re: Banner Grabbing, sami ghourabi Re: Banner Grabbing, Vikas Singhal Re: Banner Grabbing, Eric Kollmann

Previous by Date:	RE: Port 1443, Richards, Jim
Next by Date:	Re: Port 1443, Jamie Riden
Previous by Thread:	Banner Grabbing, Michael J Condon
Next by Thread:	Re: Banner Grabbing, Jamie Riden
Indexes:	[Date] [Thread] [Top] [All Lists]