Network Security: Detailed info on Re: Banner Grabbing

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

Re: Banner Grabbing

from [Jamie Riden] Network Security

[Permanent Link]

Subject:	Re: Banner Grabbing
Date:	Fri, 22 Dec 2006 17:16:34 +1300

On 22/12/06, Michael J Condon <mjc001@jjuno.com> wrote:

What steps can be used to prevent "OS Banner Grabbing" by the client? Also,
what is the best method or "attack" to get to a banner on MS and non MS
Operating Systems?


[resend, bounced due to nonsubscribed address]

Banner grabbing: 'telnet victim.example.com <port>' will often get you
a banner. My favourite is 'nmap -sV victim.example.com' which will do
all the work for you.

To prevent banner grabbing, you can alter or hide banners for various
services, but since many exploits are automated and a lot of people
launch attacks blindly, I don't see this as a must-do item. There are
other ways of identifying services other than reading the welcome
banner, and it won't help you if your service is actually vulnerable.

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com
NZ Honeynet project - http://www.nz-honeynet.org/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
PCI Compliance (Vulnerability Scans), 09sparky RE: PCI Compliance (Vulnerability Scans), Erin Carroll Re: RE: PCI Compliance (Vulnerability Scans), 09sparky Re: PCI Compliance (Vulnerability Scans), David M. Zendzian Re: PCI Compliance (Vulnerability Scans), Vivek Chudgar Re: PCI Compliance (Vulnerability Scans), David M. Zendzian Re: PCI Compliance (Vulnerability Scans), bf Re: PCI Compliance (Vulnerability Scans), David M. Zendzian Banner Grabbing, Michael J Condon Message not available Re: Banner Grabbing, Jamie Riden <= Message not available Re: Banner Grabbing, Jamie Riden Re: Banner Grabbing, Dan Catalin Vasile Re: Banner Grabbing, sami ghourabi Message not available Re: Banner Grabbing, sami ghourabi Re: Banner Grabbing, Vikas Singhal Re: Banner Grabbing, Eric Kollmann

Previous by Date:	RE: Port 1443, Richards, Jim
Next by Date:	Re: Port 1443, Jamie Riden
Previous by Thread:	Banner Grabbing, Michael J Condon
Next by Thread:	Re: Banner Grabbing, Jamie Riden
Indexes:	[Date] [Thread] [Top] [All Lists]