Re: How to Hide the IIS FTP Banner ?
From: Alun Jones [MS MVP - Security] (alun_at_texis.invalid)
Date: 05/19/04
- In reply to: Paul Lynch: "Re: How to Hide the IIS FTP Banner ?"
Date: Wed, 19 May 2004 17:26:46 GMT
In article <vetma0plriiit7hdf2o35i7lil38u2mabp@4ax.com>, Paul Lynch
<paul.lynch@nospam.com> wrote:
>On Wed, 19 May 2004 14:23:41 GMT, alun@texis.invalid (Alun Jones [MS
>MVP - Security]) wrote:
>>Go look in microsoft.public.inetserver.iis.ftp, where Paul also posted this
>>(Paul, have you heard about crossposting?) - we're currently discussing
>Yes I have actually. Posting it here was an afterthought. Why are you
>making an issue of this Alun ?
Because we've now got two discussions going in parallel on the same topic.
It makes it a little tricky to figure out which one has heard which
argument.
>What features specifically are you referring to ? I asked you for
>examples of what functionality this would break in the other thread
>and you suggested that I speak to the authors of client software
>because "it's not something that has greatly interested me"
>
>Hardly a very convincing argument.
It's not intended to be. It's intended to note that there _is_ a
deleterious effect on usability (otherwise all these FTP clients would not
have a list box for you to choose what type of FTP server you're connecting
to, if the automatic detection fails because the banner is gone).
Couple that with the lack of any improvement to security, and there's really
no good reason to go changing the banner. If your server is vulnerable
enough that a hacker can break into it using the information from the
unchanged banner, then your server will be broken into with a custom banner.
This is particularly true of a server such as the Microsoft one, which is
going to be the target of most scattershot attacks. If the server isn't
secure against attack, then changing the banner will not reduce the number
of attacks.
For instance, try putting an FTP server - any FTP server - online for a week
or two, without announcing it. You'll find that many of the attacks you
receive bear no resemblance to any known attacks for your server, if any at
all do. The crackers are going to try any attack they know. If you've
slowed the targeted attacker down by changing the banner, you've gained
what, a second or two, while he might be trying attacks for a wrong server?
Can you do anything in that time?
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | alun@texis.com.
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.