User:Ch1229/Banner grabbing

Banner Grabbing
In the context of Computer Networking, Banner Grabbing is an enumeration technique used to glean information about computer systems on a network and the services running its open ports. Administrators can use this to take inventory of the systems and services on their network. An intruder however can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits.

Some examples of service ports used for banner grabbing are those used by Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 respectively. Tools commonly used to perform banner grabbing are Telnet, which is included with most operating systems, and Netcat.

For example one could establish a connection to a target host running a web service with netcat, then send a bad html request in order to get information about the service on the host:

[root@prober] nc www.targethost.com 80

HEAD / HTTP/1.1

HTTP/1.1 200 OK

Date: Mon, 11 May 2009 22:10:40 EST

Server: Apache/2.0.46 (Unix) (Red Hat/Linux)

Last-Modified: Thu, 16 Apr 2009 11:20:14 PST

ETag: "1986-69b-123a4bc6"

Accept-Ranges: bytes

Content-Length: 1110

Connection: close

Content-Type: text/html

The administrator can now catalog this system or an intruder now knows what version of Apache to look for exploits for.

To prevent this Network Administrators should be sure to restrict access to services on their networks to appropriate networks and be sure to shut down unused or unnecessary services running on network hosts.