RE: plugging old IIS FTP holes
From: Stuart (secmail_at_patchsupplier.dyndns.org)
Date: 07/21/03
- Previous message: Marc Fossi: "Article Announcement: Waiting for the Worms"
- Maybe in reply to: Douglas Schlenker: "plugging old IIS FTP holes"
- Next in thread: Lee Evans: "RE: plugging old IIS FTP holes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <focus-ms@securityfocus.com>
Date: Mon, 21 Jul 2003 16:39:35 +0100
All,
After weighing up the advantages of changing the banner (I could not
think of any), I was also wondering if the integrity of the server's
security can be compromised by running such tools to change the banner
(such as installing a root kit).
Thanks for everyone's help
Stu
-----Original Message-----
From: Levinson, Karl [mailto:LevinsonK@STARS-SMI.com]
Sent: 21 July 2003 16:07
To: 'Stuart'; focus-ms@securityfocus.com
Cc: 'Douglas Schlenker'
Subject: RE: plugging old IIS FTP holes
AFAIK, Microsoft does not support this, according to the article below.
[The article mentions NT and 2000, but should also be true for XP.]
http://support.microsoft.com/default.aspx?scid=kb;en-us;316998
Here's one tool that supposedly will do this:
http://www.nstalker.com/banners.php
And a quick Google search also returned this article:
http://www.geocities.com/allegro162002/banner.txt
Links to articles on how to change other IIS banners [and reasons why
doing this may or may not improve your security very much] can be found
at:
http://securityadmin.info/faq.asp#banner
http://community.whitehatsec.com/articles/02/10/09/1813224.shtml
http://www.nextgenss.com/papers/iisrconfig.pdf
To the original poster, I feel obligated to recommend making sure that
if the anonymous account [IUSR by default] is enabled, it does not have
both read and write permission to any one folder, especially if the FTP
service will be visible from the internet, for the reasons described at
www.cert.org/tech_tips
Removing the Posix subsystem might also be something to consider
concerning the above mentioned type of FTP server abuse. See:
www.microsoft.com/technet/security/tools/chklist/CheckList.htm#4
www.labmice.net/articles/securingwin2000.htm
Last, any patches you may be missing can be found by going to
www.microsoft.com/technet/security and either installing Windows 2000
SP4 or, if you have a reason for avoiding SP4, use the Hotfix Search to
find the latest post SP3 patches for IIS and all your other installed
Microsoft software components. [While you're there, you might also run
MBSA / hfnetchk both now and at regular intervals to look for missing
patches and security issues.]
HTH
karl
-----Original Message-----
From: Stuart [mailto:secmail@patchsupplier.dyndns.org]
Sent: Monday, July 21, 2003 10:20 AM
To: focus-ms@securityfocus.com
Subject: RE: plugging old IIS FTP holes
Has anyone been successful in removing the "Microsoft FTP Service" part
of the banner? Or does anyone know of a way to do this?
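
Added example (not part of the original thread): one way to check Karl's recommendation that the anonymous account should not hold both read and write permission on any one folder. The FTP root path, the `IUSR_<computername>` account name and the inclusion of `Everyone` are assumptions to adjust for your server.

```powershell
# Added example: list folders under an FTP root where the anonymous account
# is explicitly allowed BOTH read and write by NTFS permissions.
# Assumptions: default IIS FTP root and default anonymous account name.
param(
    [string]$FtpRoot = 'C:\Inetpub\ftproot',
    # Add any groups the anonymous account belongs to on your server.
    [string[]]$Identity = @("$env:COMPUTERNAME\IUSR_$env:COMPUTERNAME", 'Everyone')
)

$fsr       = [System.Security.AccessControl.FileSystemRights]
$readBits  = [int]$fsr::ReadData                                  # list folder / read data
$writeBits = [int]$fsr::WriteData -bor [int]$fsr::AppendData      # create files / create folders

# The root itself plus every sub-folder beneath it.
$folders = @(Get-Item -LiteralPath $FtpRoot) +
           @(Get-ChildItem -LiteralPath $FtpRoot -Recurse -Directory)

$findings = foreach ($folder in $folders) {
    $allowed = 0
    foreach ($ace in (Get-Acl -LiteralPath $folder.FullName).Access) {
        # Only Allow entries for the identities of interest are combined.
        # Deny entries and generic-rights (inherit-only) entries are not
        # interpreted, so review flagged folders by hand.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Identity -notcontains $ace.IdentityReference.Value) { continue }
        $allowed = $allowed -bor [int]$ace.FileSystemRights
    }
    $canRead  = ($allowed -band $readBits)  -ne 0
    $canWrite = ($allowed -band $writeBits) -ne 0
    if ($canRead -and $canWrite) {
        [pscustomobject]@{
            Folder = $folder.FullName
            Rights = [System.Security.AccessControl.FileSystemRights]$allowed
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No folder under $FtpRoot grants read and write together to: $($Identity -join ', ')"
}
```

NTFS permissions are only one layer; the Read and Write settings on the FTP site and its virtual directories in IIS need the same check.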