1. Many text-based protocols will issue text banners when you connect to the service. These can usually be used to fingerprint the os or service. Key point: Many banners reveal the exact version of the product. Over time, exploits are found for specific versions of products. Therefore, the intruder can simply lookup the version numbers in a list to find which exploit will work on the system. In the examples below, the version numbers that reveal the service has known exploitable weaknesses are highlighted. Example: The example below is a RedHat Linux box with most the default service enabled. The examples below show only the text-based services that show banners upon connection (in some cases, a little bit of input was provided in order to trigger the banners). Note that this is an older version of Linux; exploits exist for most these services that would allow a hacker to break into this box (most are buffer-overflow exploits). Best practices: It is often recommend (and required in some government areas) to display a banner warning off unauthorized users. It makes the legal case stronger if you can show that the attacker saw a banner that indicated that they were unauthorized. Best practices: All version information should be supressed in the banners. See the product documentation for more information on this. An example on Solaris is to edit the configuration file /etc/default/telnetd and added the line: BANNER="" This will remove the Solaris login banner, making it more difficult for an intruder to determine the type of operating system. From Hacking-Lexicon