Top Document: comp.security.unix and comp.security.misc frequently asked questions

In Unix, find the daemon in question, possibly by finding its line in /etc/inetd.conf, and read its man page. For complex config files (e.g. sendmail), search in the config file for the constant portions of the string it's outputting (e.g. in sendmail.cf find the string "Sendmail" with a capital 'S').

For telnetd, some systems have "-h" to suppress the greeting and other systems' banners come from a file called something like /etc/issue. (Note that in Red Hat Linux, you really want to modify /etc/rc.d/rc.local rather than (or in addition to) /etc/issue*, because rc.local regenerates /etc/issue* upon boot.)

For Solaris 2.6 and greater, put "BANNER=" (without the quotes) in /etc/default/telnetd and/or /etc/default/ftpd. The telnetd included with Solaris <2.6 and SunOS can't suppress the banner, but there's no need to use that particular software; you could use GNU telnetd or wu-ftpd, for example; or you might edit the binary, as the strings appear in it.

But this might not really be a security issue and it might not be worth your effort. Suppressing banners probably doesn't restrict any information which is genuinely useful to an attacker. If an attacker has some "exploit" program for sendmail 1.2.3 only, then rather than checking the banner to see if your machine is in fact running sendmail 1.2.3, they might as well just run the exploit program, which is a direct check of whether you're vulnerable. Banner suppression *will*, however, interfere with some kinds of checking of daemon versions which you yourself may want to do occasionally.
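One way to see which of the settings named above are in effect on a host you administer, as an added example that is not part of the original FAQ. The function name audit_banners and the file locations it reads (etc/inetd.conf, etc/sendmail.cf or etc/mail/sendmail.cf, etc/default/*, etc/issue, etc/rc.d/rc.local) are assumptions; adjust them to your system.

```shell
#!/bin/sh
# Added example: report the banner settings the FAQ names, under a root dir.
# File locations are assumptions; daemons and paths differ between systems.
audit_banners() {
    root=${1:-/}
    root=${root%/}
    conf="$root/etc/inetd.conf"
    if [ -f "$conf" ]; then
        # First active (non-comment) telnetd line, if any
        line=$(grep -v '^[[:space:]]*#' "$conf" | grep 'telnetd' | head -n 1)
        if [ -z "$line" ]; then
            echo "inetd.conf: no active telnetd line"
        elif printf '%s\n' "$line" | grep -Eq -- '[[:space:]]-h([[:space:]]|$)'; then
            echo "inetd.conf: telnetd has -h"
        else
            echo "inetd.conf: telnetd has no -h"
        fi
    fi
    # Solaris 2.6 and greater: an empty BANNER= line suppresses the banner
    for d in telnetd ftpd; do
        f="$root/etc/default/$d"
        [ -f "$f" ] || continue
        if grep -q '^BANNER=[[:space:]]*$' "$f"; then
            echo "default/$d: BANNER= is set"
        else
            echo "default/$d: BANNER= is not set"
        fi
    done
    # sendmail.cf: count non-comment lines carrying the constant "Sendmail"
    for f in "$root/etc/sendmail.cf" "$root/etc/mail/sendmail.cf"; do
        [ -f "$f" ] || continue
        n=$(grep -v '^#' "$f" | grep -c 'Sendmail' || true)
        echo "sendmail.cf: $n line(s) mention \"Sendmail\" (${f#"$root"})"
    done
    # /etc/issue, and the Red Hat rc.local that regenerates it at boot
    if [ -s "$root/etc/issue" ]; then
        echo "issue: /etc/issue is non-empty"
    fi
    rc="$root/etc/rc.d/rc.local"
    if [ -f "$rc" ] && grep -q '/etc/issue' "$rc"; then
        echo "rc.local: references /etc/issue, so edit it as well"
    fi
    return 0
}

# Run as: sh audit_banners.sh /   (or a mounted image or config backup)
if [ "$#" -gt 0 ]; then audit_banners "$1"; fi
```

Whether "-h" actually suppresses the greeting depends on the telnetd in use, so confirm against its man page as the text advises.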
Send corrections/additions to the FAQ Maintainer: flaps@dgp.toronto.edu (Alan J Rosenthal)
Last Update March 27 2014 @ 02:11 PM