Re: Changing daemon banners...
On Tue, Feb 06, 2001 at 10:40:49PM -0600, Jason Arden wrote:
> I was just reading about daemon banners and how they show exactly what service is running on what port... Version etc... like WU FTP ... blah blah.... I was told that I can use TCPWRAPPERS to change this information?
> Can someone help me out with this or let me know of a good tutorial if there is one?
> Thanks in advance,
tcp_wrappers will only allow you to control who accesses services. afaik,
it cannot be made to change banner information; however, if you're running
an ftpd that only a few people need to use, you can use tcp_wrappers to
disallow access for anyone other than those few people. this is
an ideal situation.
if you've got a service that has many people connecting from various
locations (for example, sshd running so that you can admin your machine
from wherever you happen to be), you'd have to change the banner either
within the source code of the program itself (or perhaps the configure.in),
or within the config file (as bind, glftpd, and probably others allow).
(the following is my opinion; take it as you would take any piece
I find this to fall into the same category as portsentry: you're running
services that you feel are insecure, and thus feel the need to hide that
fact. if you can run audited daemons (qmail, popa3d, etc), then there's
not much of a need to hide the banners (unless you're very paranoid, in
which case you're probably familiar w/ the internal workings of the
daemons to begin w/). otoh, if you're required to run things like
bind, wuftpd (*shudder*), etc, it's best that you either restrict access
w/ tcp_wrappers or dig into the code and change/disable banners.
"... being a Linux user is sort of like living in a house inhabited
by a large family of carpenters and architects. Every morning when
you wake up, the house is a little different. Maybe there is a new
turret, or some walls have moved. Or perhaps someone has temporarily
removed the floor under your bed." - Unix for Dummies, 2nd Edition
-- found in the .sig of Rob Riggs, email@example.com