Pantek Library

RE: plugging old IIS FTP holes

From: Levinson, Karl <LevinsonK(at)STARS-SMI.com>
Date: Mon Jul 21 2003 - 11:07:25 EDT


AFAIK, Microsoft does not support this, according to the article below. [The article mentions NT and 2000, but should also be true for XP.]

http://support.microsoft.com/default.aspx?scid=kb;en-us;316998

Here's one tool that supposedly will do this:

http://www.nstalker.com/banners.php

And a quick Google search also returned this article:

http://www.geocities.com/allegro162002/banner.txt

Links to articles on how to change other IIS banners [and reasons why doing this may or may not improve your security very much] can be found at:

http://securityadmin.info/faq.asp#banner
http://community.whitehatsec.com/articles/02/10/09/1813224.shtml
http://www.nextgenss.com/papers/iisrconfig.pdf 

To the original poster, I feel obligated to recommend making sure that if the anonymous account [IUSR by default] is enabled, it does not have both read and write permission to any one folder, especially if the FTP service will be visible from the internet, for the reasons described at www.cert.org/tech_tips

Removing the Posix subsystem might also be something to consider concerning the above-mentioned type of FTP server abuse. See: www.microsoft.com/technet/security/tools/chklist/CheckList.htm#4 www.labmice.net/articles/securingwin2000.htm

Last, any patches you may be missing can be found by going to www.microsoft.com/technet/security and either installing Windows 2000 SP4 or, if you have a reason for avoiding SP4, using the Hotfix Search to find the latest post-SP3 patches for IIS and all your other installed Microsoft software components. [While you're there, you might also run MBSA / hfnetchk both now and at regular intervals to look for missing patches and security issues.]

HTH karl

-----Original Message-----
From: Stuart [mailto:secmail@patchsupplier.dyndns.org]
Sent: Monday, July 21, 2003 10:20 AM
To: focus-ms@securityfocus.com
Subject: RE: plugging old IIS FTP holes

Has anyone been successful in removing the "Microsoft FTP Service" part of the banner? Or does anyone know of a way to do this?



Received on Mon Jul 21 12:59:23 2003
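
The permission check recommended in the message above (no folder where the anonymous account holds both read and write) can be audited with a short script. This is an added example, not part of the original post. It assumes the FTP root is `C:\Inetpub\ftproot`, that the anonymous account is named `IUSR_<computername>`, and that the listed built-in groups are the ones the anonymous logon inherits rights from. It looks only at NTFS Allow entries, so Deny entries and the FTP site's own read/write settings are not evaluated.

```powershell
# Added example: list folders under the FTP root where the anonymous account
# (directly or through a common built-in group) is allowed both read and write.
param(
    [string]$FtpRoot     = 'C:\Inetpub\ftproot',         # assumption: FTP root path
    [string]$AnonAccount = "IUSR_$env:COMPUTERNAME"      # assumption: anonymous account name
)

# Assumption: groups whose rights the anonymous logon also receives.
$principals = @($AnonAccount, 'Everyone', 'BUILTIN\Users', 'BUILTIN\Guests',
                'NT AUTHORITY\Authenticated Users')

$readBits  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$writeBits = [int][System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [int][System.Security.AccessControl.FileSystemRights]::AppendData
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# The root itself plus every subfolder.
$dirs = @(Get-Item -LiteralPath $FtpRoot) +
        @(Get-ChildItem -LiteralPath $FtpRoot -Recurse -Directory -ErrorAction SilentlyContinue)

foreach ($dir in $dirs) {
    $allowed = 0
    foreach ($ace in (Get-Acl -LiteralPath $dir.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }          # Deny ACEs not evaluated
        if ($ace.PropagationFlags -band $inheritOnly) { continue }    # does not apply to this folder
        $id = $ace.IdentityReference.Value
        if ($principals -contains $id -or $id -like "*\$AnonAccount") {
            # Union of rights granted through any matching principal.
            $allowed = $allowed -bor [int]$ace.FileSystemRights
        }
    }
    # Report only folders where read AND write are both granted.
    if (($allowed -band $readBits) -and ($allowed -band $writeBits)) {
        [pscustomobject]@{
            Path   = $dir.FullName
            Rights = [System.Security.AccessControl.FileSystemRights]$allowed
        }
    }
}
```

Any folder the script prints should have either the read or the write grant removed for the anonymous account.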

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:34 EDT

