RE: plugging old IIS FTP holes

From: Levinson, Karl (LevinsonK_at_STARS-SMI.com)
Date: 07/21/03

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #146"
    To: 'Stuart' <secmail@patchsupplier.dyndns.org>, focus-ms@securityfocus.com
    Date: Mon, 21 Jul 2003 11:07:25 -0400
    
    

    AFAIK, Microsoft does not support this, according to the article below.
    [The article mentions NT and 2000, but should also be true for XP.]

    http://support.microsoft.com/default.aspx?scid=kb;en-us;316998

    Here's one tool that supposedly will do this:

    http://www.nstalker.com/banners.php

    And a quick Google search also returned this article:

    http://www.geocities.com/allegro162002/banner.txt

    Links to articles on how to change other IIS banners [and reasons why doing
    this may or may not improve your security very much] can be found at:

    http://securityadmin.info/faq.asp#banner
    http://community.whitehatsec.com/articles/02/10/09/1813224.shtml
    http://www.nextgenss.com/papers/iisrconfig.pdf

    To the original poster, I feel obligated to recommend making sure that if
    the anonymous account [IUSR by default] is enabled, it does not have both
    read and write permission to any one folder, especially if the FTP service
    will be visible from the internet, for the reasons described at
    www.cert.org/tech_tips

    Removing the Posix subsystem might also be something to consider concerning
    the above-mentioned type of FTP server abuse. See:
    www.microsoft.com/technet/security/tools/chklist/CheckList.htm#4
    www.labmice.net/articles/securingwin2000.htm

    Last, any patches you may be missing can be found by going to
    www.microsoft.com/technet/security and either installing Windows 2000 SP4
    or, if you have a reason for avoiding SP4, using the Hotfix Search to find the
    latest post-SP3 patches for IIS and all your other installed Microsoft
    software components. [While you're there, you might also run MBSA /
    hfnetchk both now and at regular intervals to look for missing patches and
    security issues.]

    HTH

    karl

    -----Original Message-----
    From: Stuart [mailto:secmail@patchsupplier.dyndns.org]
    Sent: Monday, July 21, 2003 10:20 AM
    To: focus-ms@securityfocus.com
    Subject: RE: plugging old IIS FTP holes

    Has anyone been successful in removing the "Microsoft FTP Service" part
    of the banner? Or does anyone know of a way to do this?
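A defender-side check for the folder-permission advice in Karl's reply, added here as an example and not part of the original thread: it walks an FTP root and flags folders where one account holds both read and write rights. The FTP root path, the IUSR_<host> account name and PowerShell 3.0 or later are assumptions; it inspects only ACEs naming that account directly, not rights inherited through group membership.

```powershell
# Added example (not from the original thread): flag folders under an FTP root
# where one identity holds both read and write-type rights. Assumed: PowerShell
# 3.0+, FTP root at C:\Inetpub\ftproot, anonymous account named IUSR_<host>.
param(
    [string]$FtpRoot  = 'C:\Inetpub\ftproot',
    [string]$Identity = "IUSR_$env:COMPUTERNAME"
)

# Rights that let a client fetch files versus rights that let it drop files.
$ReadMask  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [int][System.Security.AccessControl.FileSystemRights]::AppendData

function Get-EffectiveBits {
    # Combine Allow entries for $Who and subtract Deny entries (Deny wins).
    # Only ACEs that name $Who directly are considered; group rights are ignored.
    param($Rules, [string]$Who)
    $allow = 0; $deny = 0
    foreach ($r in $Rules) {
        $name = $r.IdentityReference.Value
        if ($name -ne $Who -and $name -notlike "*\$Who") { continue }
        if ($r.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$r.FileSystemRights }
        else                                  { $deny  = $deny  -bor [int]$r.FileSystemRights }
    }
    return ($allow -band (-bnot $deny))
}

$folders = @(Get-Item -LiteralPath $FtpRoot) +
           @(Get-ChildItem -LiteralPath $FtpRoot -Recurse -Directory)
foreach ($dir in $folders) {
    $acl  = Get-Acl -LiteralPath $dir.FullName
    $bits = Get-EffectiveBits -Rules $acl.Access -Who $Identity
    $canRead  = ($bits -band $ReadMask)  -ne 0
    $canWrite = ($bits -band $WriteMask) -ne 0
    if ($canRead -and $canWrite) {
        # Read+write in one folder is what the CERT tech tip warns about.
        Write-Warning "$($dir.FullName): $Identity has both read and write"
    } elseif ($canWrite) {
        Write-Output "$($dir.FullName): write-only (blind upload) for $Identity"
    }
}
```

Run it from an elevated prompt on the FTP host; any line marked with a warning is a folder whose permissions should be split into separate read-only and write-only locations.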


