I'm looking for methods (iptables rules, etc…) to prevent the version from showing on a nmap report for VSFTPD.
Currently, when executing: nmap -Pn -p 21 -sV localhost
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000086s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
Service Info: OS: Unix
I want version to be hidden or display some not valid value(unavailable for example).
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000086s latency).
PORT STATE SERVICE VERSION
21/tcp open ftp
Service Info: OS: Unix
OS info:
Distributor ID: Debian
Description: Debian GNU/Linux 7.11 (wheezy)
Release: 7.11
Codename: wheezy
VSFTPD version: 2.3.5
I have already tried with ftpd_banner and banner_file none of them works.
How can i do this?
Best Answer
Edit vsftp config file:
and uncomment ftpd_banner setting: