RE: plugging old IIS FTP holes
From: Levinson, Karl (LevinsonK_at_STARS-SMI.com)
Date: 07/21/03
- Previous message: Lee Evans: "RE: plugging old IIS FTP holes"
- Maybe in reply to: Douglas Schlenker: "plugging old IIS FTP holes"
- Next in thread: Stuart: "RE: plugging old IIS FTP holes"
- Reply: Stuart: "RE: plugging old IIS FTP holes"
To: 'Stuart' <secmail@patchsupplier.dyndns.org>, focus-ms@securityfocus.com
Date: Mon, 21 Jul 2003 11:07:25 -0400
AFAIK, Microsoft does not support this, according to the article below.
[The article mentions NT and 2000, but should also be true for XP.]
http://support.microsoft.com/default.aspx?scid=kb;en-us;316998
Here's one tool that supposedly will do this:
http://www.nstalker.com/banners.php
And a quick Google search also returned this article:
http://www.geocities.com/allegro162002/banner.txt
Links to articles on how to change other IIS banners [and reasons why doing
this may or may not improve your security very much] can be found at:
http://securityadmin.info/faq.asp#banner
http://community.whitehatsec.com/articles/02/10/09/1813224.shtml
http://www.nextgenss.com/papers/iisrconfig.pdf
To the original poster, I feel obligated to recommend making sure that if
the anonymous account [IUSR by default] is enabled, it does not have both
read and write permission to any one folder, especially if the FTP service
will be visible from the internet, for the reasons described at
www.cert.org/tech_tips
Removing the POSIX subsystem might also be something to consider concerning
the above-mentioned type of FTP server abuse. See:
www.microsoft.com/technet/security/tools/chklist/CheckList.htm#4
www.labmice.net/articles/securingwin2000.htm
Last, any patches you may be missing can be found by going to
www.microsoft.com/technet/security and either installing Windows 2000 SP4
or, if you have a reason for avoiding SP4, use the Hotfix Search to find the
latest post-SP3 patches for IIS and all your other installed Microsoft
software components. [While you're there, you might also run MBSA /
hfnetchk both now and at regular intervals to look for missing patches and
security issues.]
HTH
karl
-----Original Message-----
From: Stuart [mailto:secmail@patchsupplier.dyndns.org]
Sent: Monday, July 21, 2003 10:20 AM
To: focus-ms@securityfocus.com
Subject: RE: plugging old IIS FTP holes
Has anyone been successful in removing the "Microsoft FTP Service" part
of the banner? Or does anyone know of a way to do this?
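
The folder-permission check recommended in the reply above (no single folder both readable and writable by the anonymous account), written out as an added example that is not part of the original messages. It assumes a host where PowerShell and `Get-Acl` are available; the FTP root path, the `IUSR_<computername>` account name and the list of groups checked alongside it are assumptions to adjust for the server being audited.

```powershell
# Added example: list folders under an FTP root that the anonymous account
# can both read and write. Path, account name and group list are assumptions.
param(
    [string]$FtpRoot = 'C:\Inetpub\ftproot',
    [string[]]$Principals = @(
        "$env:COMPUTERNAME\IUSR_$env:COMPUTERNAME",   # assumed anonymous account name
        'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    )
)

$Rights      = [System.Security.AccessControl.FileSystemRights]
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$ReadMask    = [int]($Rights::ReadData)                          # read file / list folder
$WriteMask   = [int]($Rights::WriteData -bor $Rights::AppendData) # create files / folders

function Test-ReadWriteFolder {
    param([string]$Path, [string[]]$Principals)
    $allow = 0
    $deny  = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        # Only ACEs for the anonymous account or a group assumed to contain it.
        if ($Principals -notcontains $ace.IdentityReference.Value) { continue }
        # Inherit-only ACEs apply to children, not to this folder itself.
        if ($ace.PropagationFlags -band $InheritOnly) { continue }
        if ($ace.AccessControlType -eq 'Allow') {
            $allow = $allow -bor [int]$ace.FileSystemRights
        } else {
            $deny = $deny -bor [int]$ace.FileSystemRights
        }
    }
    # Approximation: any matching Deny bit removes the matching Allow bit.
    $effective = $allow -band (-bnot $deny)
    $canRead   = ($effective -band $ReadMask) -ne 0
    $canWrite  = ($effective -band $WriteMask) -ne 0
    return ($canRead -and $canWrite)
}

# Check the root itself plus every subfolder.
$folders = @(Get-Item -LiteralPath $FtpRoot) +
           @(Get-ChildItem -LiteralPath $FtpRoot -Recurse |
               Where-Object { $_.PSIsContainer })

$folders |
    Where-Object { Test-ReadWriteFolder -Path $_.FullName -Principals $Principals } |
    Select-Object -ExpandProperty FullName
```

Each path printed is a folder where the listed principals hold both read and write access through NTFS permissions; the read and write settings on the FTP site or virtual directory in IIS are a separate control and are not inspected here.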