[plug] hiding service banner
Bernard Blackham
bernard at blackham.com.au
Sat Aug 14 20:51:35 WST 2004
On Sat, Aug 14, 2004 at 03:46:49PM +0800, Jon Miller wrote:
> Like to know if there is a way to hide info on services running.
> For example if I do a scan on a client system I can see that they
> are using SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3. I would
> like it not to display the banner.
You can edit the binary, and ensure you don't make the string any
longer or shorter (or remove the null terminating character). You'll
need to do this on every upgrade too. Though, as others have alluded
to, you shouldn't really rely on security through obscurity.
On a similar note, there's an ssh worm going about that exploits
user accounts with trivial usernames and passwords (like test/test
guest/guest, etc). I doubt it'd care what the banner said :)
(albeit, obscuring your security by running sshd on a non-standard
port would lessen the likelyhood of you being hit, but you'd be
silly to have an account test/test on a machine on the internet ...)
Bernard.
--
Bernard Blackham <bernard at blackham dot com dot au>
More information about the plug
mailing list