More Related Content
What's hot
What's hot (20)
Similar to Banner grabbing
Similar to Banner grabbing (20)
Recently uploaded
Recently uploaded (20)
Banner grabbing
- 1. BANNER GRABBING PRESENTED BY: LAETY M.
- 2. WHAT IS A BANNER? A banner is simply the text that is embedded with a message that is received from a host. Usually this text includes signatures of applications that issue the message. So, they reveal themselves to us.
- 3. What is a Banner Grabbing? Banner Grabbing is a technique used by hackers to extract information about a host. If successful, it can identify the operating system, web server and other applications running on the target host.
- 4. Banner grabbing and operating system identification— which can also be defined as fingerprinting the TCP/IP stack—is the fourth step in the CEH scanning methodology. The process of fingerprinting allows the hacker to identify particularly vulnerable or high-value targets on the network. Hackers are looking for the easiest way to gain access to a system or network. Banner grabbing is the process of opening a connection and reading the banner or response sent by the application.
- 5. Many email, FTP, and web servers will respond to a telnet connection with the name and version of the software. This aids a hacker in fingerprinting the OS and application software. For example, a Microsoft Exchange email server would only be installed on a Windows OS. There are two types of OS fingerprinting: 1. Active 2. Passive
- 6. 1. ACTIVE STACK FINGERPRINTING Is the most common form of fingerprinting. It involves sending data to a system to see how the system responds.
- 7. It’s based on the fact that various operating system vendors implement the TCP stack differently, and responses will differ based on the operating system. The responses are then compared to a database to determine the operating system. Active stack fingerprinting is detectable because it repeatedly attempts to connect with the same target system.
- 8. 2.PASSIVE STACK FINGERPRINTING Is stealthier and involves examining network to determine the operating system. It uses sniffing techniques instead of scanning techniques. Passive stack fingerprinting usually goes undetected by an IDS or other security system but is less accurate than active fingerprinting.
- 9. HOW IT'S DONE? It can be done using tools like: Telnet Nmap ID Serve Get Requests NetCraft … and many more tools can be used to pull this off. For OS and Web server detection, we can grab a banner of http.
- 10. IMPACT Hackers grab banners all the time. Although IPs can be logged, hackers usually hide their real IP before grabbing. If they are successful in grabbing a few banners they can then use this information to find applications that are weak or have a security flaw.
- 11. IMPACT (cnt..) Attackers then focus on exploits that are targeted to the services that you are running. There are hundreds of services that can be queried for banners and more than often, a few have flaws or are simply old versions.
- 12. REMEDY This technique reveals critical information that can be devastating. To get rid of this, first you need to thoroughly analyze what information is leaked.
- 13. REMEDY (cnt..) • Set up your services properly. Default settings are always insecure. •Read the documentation and turn off all the features that are unnecessary •Turn off services that you don't need such as telnet. •Hiding File Extensions from WebPages •Disabling or changing the banner1