[plug] hiding service banner

James Devenish devenish at guild.uwa.edu.au
Sat Aug 14 15:08:25 WST 2004


In message <s11e33f6.069 at mmtnetworks.com.au>
on Sat, Aug 14, 2004 at 03:46:49PM +0800, Jon Miller wrote:
> Like to know if there is a way to hide info on services running.

That is far too much of a generic question (though we can at least
answer it for OpenSSH). In general, the answer differs from application
to application (e.g. the answer for Apache is different from OpenSSH,
etc).

> For example if I do a scan on a client system I can see that they are
> using SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3.  I would like it
> not to display the banner.

Note a couple of things here:

 - My understanding is that the declaration of the SSH version
   ("SSH-2.0" in this case) is part of the SSH protocol. The client
   and server need to agree about how to communicate, thus they must
   exchange version information. You cannot defeat this without
   crippling the service completely.
 - If you wish to hide the OpenSSH- and Debian-specific information, I
   think you are barking up the wrong tree. The human-readable banners
   are just window dressing. I'm not entirely sure why people wish to
   hide this information in general. Attackers use automated scripts
   that will attempt to break into your systems regardless of what
   human-readable cosmetics are displayed. However, I do understand that
   displaying this information makes automated attacks potentially more
   efficient, and you might not wish to be so co-operative. In the
   specific case of OpenSSH, however, my examination of the source code
   leads me to believe that there is no option to prevent the banner
   from being displayed. OpenSSH is developed by highly security-
   conscious people, so it would seem that they do not consider this
   to be a security issue. If you need to hide the information for
   non-security reasons, you will have to modify the source code (it's
   a trivial change, in sshd.c).
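
Added example, not part of the original message and not OpenSSH code: the Python below splits a server greeting into the fields of the SSH identification line (layout per RFC 4253, section 4.2) to show which parts of the banner quoted in this thread are protocol fields and which are free-text comments. The function names are hypothetical and the sample greeting is constructed from the banner quoted above.

```python
import re

# Layout of the identification line (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion SP comments CR LF
# protoversion and softwareversion are mandatory, comments are optional.
IDENT_RE = re.compile(
    rb"SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    rb"(?: (?P<comments>[\x20-\x7e]*))?"
)
MAX_IDENT_LEN = 255  # limit includes the trailing CR LF


def parse_ident(greeting: bytes) -> dict:
    """Return the fields of the first 'SSH-' line in a server greeting.

    A server may send other text lines before its identification line,
    so lines that do not start with 'SSH-' are skipped.
    """
    for line in greeting.split(b"\n"):
        if not line.startswith(b"SSH-"):
            continue
        if len(line) + 1 > MAX_IDENT_LEN:  # +1 for the LF removed by split
            raise ValueError("identification line longer than 255 bytes")
        m = IDENT_RE.fullmatch(line.rstrip(b"\r"))
        if m is None:
            raise ValueError("malformed identification line")
        return {k: (v.decode("ascii") if v is not None else None)
                for k, v in m.groupdict().items()}
    raise ValueError("no identification line found")


def audit_ident(greeting: bytes) -> list:
    """List what the greeting discloses beyond the protocol version."""
    fields = parse_ident(greeting)
    findings = ["implementation and version: " + fields["software"]]
    if fields["comments"]:
        findings.append("comments field: " + fields["comments"])
    return findings


# Constructed greeting built from the banner quoted in the thread.
SAMPLE = b"SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3\r\n"

if __name__ == "__main__":
    print(parse_ident(SAMPLE))
    for finding in audit_ident(SAMPLE):
        print("discloses", finding)
```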




