Beyond Internet Scanning: Banner Processing for Passive Software Vulnerability Assessment

Nowadays, the increasing number of devices and services that require a direct Internet access, creates new security challenges. These challenges need to meet user feature-based requirements with the companies’ restrictive security policies. Therefore, security administrators need to adopt novel tools in order to quickly and non-intrusively verify the degree of exposure of Internet-facing services. In this respect, we find tools such as Shodan and ZMap, which enable scanning of services at an Internetscale. Scan results can deliver significant details on service version, patches, and configuration. Subsequently, these can expose valuable information about known software vulnerabilities, which may be exploited by malicious actors. Therefore, this work studies the degree of service exposure by means of banner analysis. Experiments conducted on five university-type institutions revealed that banner analysis is not “old fashioned” and that immediate measures need to be taken in order to secure sensitive services. Keywords—Vulnerability assessment; Internet scanning; Common Platform Enumeration (CPE); Common Vulnerability and Exposure (CVE); National Vulnerability Database (NVD).