OpenSSH
Modify openssh-3.x/version.h
Find #define SSH_VERSION "OpenSSH_3.x"
Recompile and install after modification
Modify SSH-2.0 (not recommended)
proto-mismatch.sh
proto-version.sh
SSH
Version:
Modify apps/ssh/ssh2version.h
#define SSH2_VERSION "3.2.9.1"
Banner name:
Modify apps/ssh/ssh2shortdes.h
#define SSH2_VERSION_STRING "SSH Secure Shell " SSH2_VERSION " (non-commercial version)"
#define SSH2_PROTOCOL_VERSION_STRING SSH2_VERSION " SSH Secure Shell (non-commercial)"
Modify SSH-2.0 (not recommended)
apps/ssh/sshd2.c
apps/ssh/lib/sshproto/trcommon.h
apps/ssh/sshstdiofilter.c
Exim4
Configuration file: /etc/exim4/exim4.conf.template
Find # smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
Uncomment the line and modify it
Postfix
Configuration file: /etc/postfix/main.cf
Modify smtpd_banner = $myhostname ESMTP "Version not Available"
ProFTPD
Configuration file:
Disguise the login welcome message
Modify ServerIdent on "Serv-u ftp Server v5.0 for WinSock ready ..."
or ServerIdent off
Telnet will then display: 220 ::ffff:192.168.2.3 FTP server ready
Disguise the banner message
DisplayLogin [msgfile]
DisplayConnect [msgfile]
Vsftpd
Configuration file: vsftpd.conf
Modify ftpd_banner=welcome to this FTP server
Apache
Configuration file: /etc/apache2/apache2.conf or /etc/apache2/httpd.conf
Change ServerSignature On to ServerSignature Off.
Change ServerTokens Full to ServerTokens Prod.
After this change, part of the banner is hidden.
However, the word "Apache" can still be seen using wget -S and curl -I.
To disguise the server completely, modify the source files:
Edit the ap_release.h file and change #define AP_SERVER_BASEPRODUCT "Apache" to #define AP_SERVER_BASEPRODUCT "Microsoft-IIS/5.0"
Edit the os/unix/os.h file and change #define PLATFORM "Unix" to #define PLATFORM "Win32"
Recompile Apache
PHP
Configuration file: php.ini
Change expose_php = On to expose_php = Off
Nginx
Add the server_tokens directive to the http { } block of nginx.conf:
server_tokens off;
http {
    include mime.types;
    default_type application/octet-stream;
    server_tokens off;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    # remaining directives unchanged
}
To hide the banner completely, the source code must be modified:
src/core/nginx.h
Find
#define NGINX_VERSION "0.6.35"
#define NGINX_VER "nginx/" NGINX_VERSION
#define NGINX_VAR "NGINX"
Recompile after modification
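One way to confirm that the banner changes above took effect, as an added example that is not part of the original article: the two functions inspect a captured greeting line or a set of HTTP response headers (such as wget -S or curl -I output) and report any version detail still exposed. The function names and the sample banners are constructed for illustration.

```python
import re

# Dotted number such as 3.9, 4.63 or 0.6.35: the part of a banner that pins a release.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def greeting_leak(service, banner):
    """Return the version token exposed by an SSH/SMTP/FTP greeting, or None."""
    line = banner.strip().splitlines()[0]
    if service == "ssh":
        # Identification string: SSH-<protoversion>-<softwareversion>; only the
        # software part is examined, the SSH-2.0 prefix belongs to the protocol.
        m = re.match(r"SSH-[\d.]+-(\S+)", line)
        line = m.group(1) if m else line
    else:
        # Drop the 220 reply code and a leading server address (ProFTPD with
        # ServerIdent off), which is not a version.
        line = re.sub(r"^220[ -](?:(?:::ffff:)?\d{1,3}(?:\.\d{1,3}){3}\s)?", "", line)
    m = VERSION_RE.search(line)
    return m.group(0) if m else None

def http_leaks(raw_headers):
    """Return {header: value} for response headers that still disclose detail."""
    leaks = {}
    for raw in raw_headers.splitlines():
        name, sep, value = raw.partition(":")
        if not sep:
            continue  # status line or blank line
        name, value = name.strip().lower(), value.strip()
        if name == "x-powered-by":
            leaks[name] = value  # sent only while expose_php is On
        elif name == "server" and (VERSION_RE.search(value) or "(" in value):
            leaks[name] = value  # version or OS comment: ServerTokens is not Prod
    return leaks

# Constructed sample responses (not captured from real hosts).
BEFORE_HTTP = "HTTP/1.1 200 OK\r\nServer: Apache/2.2.3 (Debian) PHP/5.2.0\r\nX-Powered-By: PHP/5.2.0\r\n\r\n"
AFTER_HTTP = "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"

if __name__ == "__main__":
    for svc, banner in [("ssh", "SSH-2.0-OpenSSH_3.9p1"), ("ssh", "SSH-2.0-OpenSSH"),
                        ("smtp", "220 mail.example.test ESMTP Exim 4.63 Mon, 01 Jan 2007 10:00:00 +0000"),
                        ("ftp", "220 ::ffff:192.168.2.3 FTP server ready")]:
        print(svc, repr(banner), "->", greeting_leak(svc, banner))
    print("before:", http_leaks(BEFORE_HTTP))
    print("after: ", http_leaks(AFTER_HTTP))
```

A product name without a version, such as a bare "Apache" or "nginx" Server header, is not reported; removing that requires the source changes described above.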
TTL
Run the following command to change the TTL base of Red Hat Linux to 128 (64 by default):
echo 128 > /proc/sys/net/ipv4/ip_default_ttl
The equivalent sysctl setting, which changes the TTL base of Red Hat Linux to 128 (64 by default):
net.ipv4.ip_default_ttl = 128
Iptables
Use iptables to restrict SSH logins on port 22, so that unauthorized IP addresses cannot detect port 22 by scanning:
# iptables -I INPUT ! -s xx.xx.xx.xx -p tcp --dport 22 -j DROP
Use iptables to forward TCP port 3389 of the local machine to another computer that has port 3389 open, so that the Linux system appears to offer a service on TCP port 3389. The commands are as follows:
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -I PREROUTING -p tcp --dport 3389 -j DNAT --to xx.xx.xx.xx
# iptables -t nat -I POSTROUTING -p tcp --dport 3389 -j MASQUERADE
The first command enables packet forwarding. The second forwards packets arriving on TCP 3389 to xx.xx.xx.xx. The third sets up a "two-way path" for the forwarded packets, giving them a correct return channel. To make the forwarding take effect permanently, add the preceding commands to the /etc/rc.local file.
In this way, when a hacker scans the ports opened by the server, the hacker cannot find port 22. Instead, the hacker sees a disguised port 3389, so the operating system type cannot be correctly determined.
For Netcraft
Netcraft is a powerful scanning engine. Through a simple connection to TCP port 80, it can determine the operating system, web server program, and uptime of the tested server.
The methods described above do not work against Netcraft. For Netcraft, you can use iptables to disguise the system, so that Netcraft misjudges the operating system:
# iptables -t nat -I PREROUTING -s 195.92.95.0/24 -p tcp --dport 80 -j DNAT --to xx.xx.xx.xx
# iptables -t nat -I POSTROUTING -s 195.92.95.0/24 -p tcp --dport 80 -j MASQUERADE
Packet capture shows that Netcraft uses more than one server, so the forwarding spoofing must be applied to its whole network segment.