GNU/Linux Desktop Survival Guide by Graham Williams
Desktop Survival Project Home Preface Advocacy History Distributions Installation Basic Survival Wajig Audio AbiWord APM Backup Bash Booting Cameras CD Chinese ChRoot Clock Commercial Conference Management Configuration CRON CVS Databases DIA Directories Disks Documentation DVD Email Eye of Gnome Evolution File Systems Firewalls Floppy Disks Fonts Ghemical GIMP Glade Gnome GnuCash Gnumeric GQView Graphics Groups HTML Editors ImageMagick Initialisations on Booting Java KDE Kernels Keyboard Konqueror KVM Switch LaTeX Log System Login Magellan Mathematics Memory Modems Mounting Devices MS/Windows Music MySQL Nautilus Networks NFS NT File System OpenOffice.org Oracle Packages Partitions Passwords PDF Photos PPP Presentations Printing Python R Remote Desktops Rsync Samba Scanning Science Security SH File System Sketch Spell SPlus Spruce SSH SUDO Subversion Swap Themes USB Video Virtualization Web Word X XML Sample Installations Troubleshooting Index

Identifying Your System?

Note that, for example, a HTTP server on port 80 identifying itself as:

  $ httptype togaware.com
  Apache/1.3.29 (Debian GNU/Linux) PHP/4.3.3

or a SSH server on port 22 identifying itself as:

  $ telnet togaware.com 22
  Trying 150.229.8.170... 
  Connected to togaware.com. 
  Escape character is '^]'. 
  SSH-1.99-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10

is not really a security risk. Serious attacks will attempt all know vulnerabilities of the port, irrespective of what is running behind the port. Thus this is not regarded as sensitive information. On the other-hand, hiding the banner loses a lot for inter-operation.

Indeed, software should advertise its version number to aid debugging in all kinds of circumstances. If there's a security flaw then the flaw should be fixed instead of trying to hide it.