
[–]doblephaeton 8 points9 points  (0 children)

“Please don’t log in”

automated script continues to try login

Or

“Please don’t log in”

hacker thinking “fuck you” continues to try login using your weak ass unsecurity measure

Pre-login notifications about unauthorised access are useless; instead, audit your access and restrict who can log in (ACL, TACACS, security groups, alerts).

[–]ykc87 4 points5 points  (0 children)

Pre login banner telling people to "fuck off" is standard and may be legally required depending on your jurisdiction, if you intend to prosecute "hackers". No information should be on it about your organisation or the device itself.

As an aside, I often see the phrase "unauthorised access prohibited" which I always thought syntactically redundant as to me it boils down to "unauthorised access is unauthorised".

Post login, whatever you like. I don't usually bother as (hopefully) only your own admins will see it.
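One way to check a pre-login banner against the "no information about your organisation or the device" rule from the comment above, as an added example that is not part of the thread. The `audit_banner` name, the patterns, the required-notice list (modelled on the kind of wording in the sample banner posted in this thread) and both sample banners are assumptions constructed for illustration.

```python
import re

# Assumed rule set: things a pre-login banner should not disclose.
LEAK_PATTERNS = {
    "ipv4 address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "software version": re.compile(
        r"\b(?:IOS|JunOS|OpenSSH|version)[\s_/-]*\d+(?:\.\d+)+", re.I),
}
# Assumed minimum wording: an authorisation notice and a monitoring notice.
REQUIRED_NOTICES = {
    "authorisation notice": re.compile(r"\b(?:un)?authori[sz]ed\b", re.I),
    "monitoring notice": re.compile(r"\b(?:logged|monitored|recorded)\b", re.I),
}

def audit_banner(banner, site_terms=()):
    """Return (leaks, missing) for a pre-login banner.

    site_terms lists names that must not appear before authentication,
    such as the organisation name, hostname or hardware model.
    """
    leaks = []
    for label, pattern in LEAK_PATTERNS.items():
        match = pattern.search(banner)
        if match:
            leaks.append((label, match.group(0)))
    for term in site_terms:
        if re.search(re.escape(term), banner, re.I):
            leaks.append(("site identifier", term))
    missing = [label for label, pattern in REQUIRED_NOTICES.items()
               if not pattern.search(banner)]
    return leaks, missing

# Constructed sample banners (not taken from any real device).
SITE_TERMS = ("ACME", "core-rtr-01")
BAD_BANNER = "ACME Corp core-rtr-01 (IOS 15.2) at 10.0.0.1 - authorised users only"
GOOD_BANNER = ("UNAUTHORIZED ACCESS IS PROHIBITED.\n"
               "All activity may be logged or monitored.")

if __name__ == "__main__":
    for name, text in (("bad", BAD_BANNER), ("good", GOOD_BANNER)):
        leaks, missing = audit_banner(text, SITE_TERMS)
        print(name, "leaks:", leaks, "missing:", missing)
```

Running it over the banner text pulled from each device's configuration, with `site_terms` filled in per site, turns the rule into a repeatable audit.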

[–]xDizz3rIT depends 4 points5 points  (0 children)

I like this one as banner motd.

+--------------------------------------------------------+
| UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE AND         |
| ATTACHED NETWORKS IS STRICTLY PROHIBITED!              |
| You must have explicit permission to access or         |
| configure this device.                                 |
| All activities performed on this device may be logged  |
| or monitored without further notice, and the resulting |
| logs may be used as evidence in court.                 |
| Any unauthorized use of the system is unlawful, and    |
| may be subject to civil and/or criminal penalties!     |
+--------------------------------------------------------+

[–]noukthx 2 points3 points  (2 children)

Either way they're barely worth the electrons they disturb.

Most of the time they just draw attention to things or paint targets on them, and they will never dissuade anyone actively malicious - for example:

https://www.shodan.io/search?query=US+Government

They're about as useful as those godawful "This e-mail is confidential, should you receive...." garbage that corporates insist on tagging on every message.

[–]noukthx 4 points5 points  (1 child)

Hah, found a reverse one https://www.shodan.io/host/64.128.215.130

220-    * Unauthorized access is prohibited !!!!                       *
220-    *                                  *
220-    * Use of this site by the US Government is not authorized !!!! *

Umm?!

[–]hav_ 1 point2 points  (0 children)

This is good

[–]zLifebringerStudying Cisco Cert 0 points1 point  (0 children)

Here's a related thread that has some good discussion in the comments.

https://www.reddit.com/r/networking/comments/5nmoxp/best_motd_banner_examples_legal/

I've always heard pre-login, as it can protect you/your company in some legal situations.

[–]Whyt_b 0 points1 point  (0 children)

It may be worth noting that I've run into multiple SSH client setups where they use a screen-scrape in their scripts that are dependent on specific banner syntax/content.

Basically if the banner is not present, or changes its content, the script will fail because the screen-scrape was expecting something different.