Banners

Banners are textual or binary snippets provided to clients.

  • Immediately on connection, or after some request.

  • Most protocols are too chatty and will send some banners to help clients.

Impact: an attacker may gain knowledge about the software that is running.

  • Attackers can search for vulnerabilities that apply to that software.

  • Greatly narrows down the work for an attacker.

Exploitation: connect to the server and/or send a probe.

  • Multiple probes can be sent to test the system.

  • Banner grabbing – the technique of systematically probing entities for their banners.

Vulnerable protocols: FTP, IMAP, HTTP, SSH, TELNET, LDAP, RTMP, MySQL...

  • Restrict banners (if possible).

  • Fake banners (if possible).

  • Limit the verbosity in the banners (if possible).
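
To check whether the restrict and limit-verbosity measures above took effect, the following added example (not part of the original page) audits banners from services you operate for product versions and platform names. The sample banners are constructed, and the function names and regular expressions are assumptions of this example.

```python
import re
import socket

# Product token followed by a dotted version: "OpenSSH_8.9p1", "Apache/2.4.52", "vsFTPd 3.0.5".
PRODUCT_VERSION = re.compile(
    r"(?<![A-Za-z0-9])([A-Za-z][A-Za-z0-9]*)[/_ ]v?(\d+(?:\.\d+)+\w*)")
OS_HINT = re.compile(r"\b(Ubuntu|Debian|CentOS|Red Hat|FreeBSD|Win32|Win64)\b", re.I)
PROTOCOL_TOKENS = {"HTTP", "SSH"}  # protocol versions are not software versions


def audit_banner(banner):
    """Return findings describing what a banner discloses (empty list = terse)."""
    findings = []
    for product, version in PRODUCT_VERSION.findall(banner):
        if product.upper() not in PROTOCOL_TOKENS:
            findings.append(f"version disclosed: {product} {version}")
    for os_name in OS_HINT.findall(banner):
        findings.append(f"platform disclosed: {os_name}")
    return findings


def read_banner(host, port, timeout=3.0):
    """Read the greeting sent on connect by a service you operate."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        return conn.recv(1024).decode("latin-1", "replace").strip()


# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = {
    "ssh": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
    "http": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.52 (Ubuntu)",
    "ftp": "220 (vsFTPd 3.0.5)",
    "imap": "* OK Dovecot (Ubuntu) ready.",
    "smtp": "220 mail.example.test ESMTP",
}


def audit_all(banners):
    """Map each service name to its findings, keeping only services that leak."""
    report = {name: audit_banner(text) for name, text in banners.items()}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for service, found in audit_all(SAMPLE_BANNERS).items():
        print(service, "->", "; ".join(found))
```

Run it after each configuration change; a service that no longer appears in the report has a banner free of version and platform strings.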
