1

I'm looking for methods (iptables rules, etc...) to prevent the version from showing on a nmap report for VSFTPD.

Currently, when executing: nmap -Pn -p 21 -sV localhost

Nmap scan report for localhost (127.0.0.1)
Host is up (0.000086s latency).
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
Service Info: OS: Unix

I want version to be hidden or display some not valid value(unavailable for example).

Nmap scan report for localhost (127.0.0.1)
Host is up (0.000086s latency).
PORT   STATE SERVICE VERSION
21/tcp open  ftp
Service Info: OS: Unix

OS info:
Distributor ID: Debian
Description: Debian GNU/Linux 7.11 (wheezy)
Release: 7.11
Codename: wheezy
VSFTPD version: 2.3.5

I have already tried with ftpd_banner and banner_file none of them works.
How can i do this?

user387158
  • 11
  • 1
  • 2

2 Answers2

2

Edit vsftp config file:

vi /etc/vsftpd/vsftpd.conf

and uncomment ftpd_banner setting:

ftpd_banner=Welcome to blah FTP service.
Vikelidis Kostas
  • 967
  • 1
  • 6
  • 16
0

Replace the strings at prelogin.c https://github.com/dagwieers/vsftpd/blob/master/prelogin.c

Ipor Sircer
  • 1,226
  • 7
  • 8