Re: Prevent banner grabbing

From: Jeff P. Van Dyke (jpv_at_vandyke.com)
Date: 12/11/03

  • Next message: Ashish Kumar: "SSH / PRIV SEP / LINUX issue"
    To: "Byron Sonne" <blsonne@rogers.com>, "Andrea Riela" <ml@nesys.it>
    Date: Wed, 10 Dec 2003 16:00:24 -0700
    
    

    > > I've a system with openBSD 3.3 and OpenSSH_3.7.1.
    > > How could I prevent a banner grabbing?
    >
    > You can't.
    >
    > As far as I know, the protocol spec *requires* the banner to be sent
    > so that connecting clients can determine what protocol versions to
    > use.

    The protocol requires the first part of the banner to be sent.

    For example:

      SSH-2.0-<version>

    I don't recall if OpenSSH lets you change this, but other
    implementations including ours allow you to configure the
    banner to be more generic. For example, changing it from:

      SSH-2.0-VShell_2_2_3_578 VShell

    to

      SSH-2.0-1.0

    Jeff P. Van Dyke
    jpv@vandyke.com
    www.vandyke.com


  • Next message: Ashish Kumar: "SSH / PRIV SEP / LINUX issue"

    Relevant Pages

    • Re: SSHD Banners and rsync
      ... The SSH user authentication protocol has a mechanism ... to send a "banner" to the client. ... This is done as a structured message ...
      (comp.security.ssh)
    • Re: Re[3]: HTTP Headers
      ... > LS> service banner - whether it be HTTP, FTP, SSH, whatever. ... The protocol version needs to be present, but the server daemon ...
      (Security-Basics)
    • Re: openssh
      ... I wasn't aware of that banner is part of the protocol. ... the only reason i wanted it to be removed is due to when scaners scan my box ... vulnerabilty there. ...
      (FreeBSD-Security)
    • Re: Banner Grabbing
      ... Michael J Condon a écrit: ... Subject: Banner Grabbing ... what is the best method or "attack" to get to a banner on MS and non MS Operating Systems? ... With a simple telnet client you can grab almost all banners, but netcat is the most recommended tool for this kind of job. ...
      (Pen-Test)
    • Re: Banner Grabbing
      ... what is the best method or "attack" to get to a banner on MS and non MS ... Operating Systems? ... Banner grabbing: 'telnet victim.example.com ' will often get you ...
      (Pen-Test)