Learn something new every day
More Info... by email
Banner grabbing is an activity that is used to determine information about services that are being run on a remote computer. This technique can be useful to administrators in cataloging their systems, and ethical hackers can also use it during penetration tests. Malicious hackers also use banner grabbing, since the technique can reveal compromising information about the services that are running on a system. The technique works by using Telnet, or a proprietary program, to establish a connection with a remote machine, after which a bad request is sent. That will cause a vulnerable host to respond with a banner message, which may contain information that a hacker could use to further compromise a system.
In a computer networking context, the term banner typically refers to a message that a service transmits when another program connects to it. Default banners often consist of information about a service, such as the version number. The banner for a hypertext transfer protocol (HTTP) service will typically show the type of server software, version number, when it was modified last, and other similar information. When a program such as Telnet is used to intentionally gather this information, it is usually referred to as banner grabbing.
A few different types of software, including Telnet and various proprietary programs, can be used to perform banner grabbing. Telnet is a type of network protocol that is used to establish a virtual terminal connection with a remote host. Most operating systems (OSes) come with the ability to establish Telnet sessions, so that is one of the primary ways that banner grabbing is performed. Whether Telnet or another program is used, banners are grabbed by connecting to a host, and then sending a request to a port that is associated with a particular service, such as port 80 for HTTP.
One of the purposes of banner grabbing is system administration, in which case it can be useful for HTTP fingerprinting and other activities. An administrator can also use the technique to perform an inventory on all of the different services and systems operating on the host for which he is responsible. He will typically establish a Telnet connection with the host, and then query each port and catalog the results. White hat hackers can also use the technique during the planning phase of a penetration test.
Malicious hackers often use banner grabbing as well when looking for vulnerable hosts. They typically establish a connection with a host, and then query ports looking for vulnerable services. Since the default banners often include the type of server software and version, it is possible to identify services with known exploits. The hacker can then use those exploits to carry out additional attacks.
@Vincenzo -- Telnet is on the decline, to be sure, but there are still millions of computers with that program and those could be vulnerable to those banner grabbing attacks.
I know there are some operating systems that no longer include Telnet, but a lot of people add the program and it is readily available for free. Who is adding Telnet? Well, there are people who still cruise old bulletin board systems (BBS) that used to be available by dial up Internet and are now accessible through Telnet.
There are a lot of reasons to grab Telnet, but those who do should be aware their systems could be vulnerable to attacks and should take appropriate precautions.
But I thought Telnet was on the way out. If that is the case, wouldn't that pretty much put a dent in banner grabbing? I know there are other proprietary programs in use, but Telnet was (and probably still is) as common as sin on computers. Those days, however, appear to be coming to an end.
One of our editors will review your suggestion and make changes if warranted. Note that depending on the number of suggestions we receive, this can take anywhere from a few hours to a few days. Thank you for helping to improve wiseGEEK!