Port scanners, network vulnerability scanners, and web

                  vulnerability scanners use a technique called banner grabbing to
                  identify the variant and version of a service running on a system.
                  This technique opens a connection to the service and reads the

                  details provided on the welcome screen, or banner, to assist with
                  version fingerprinting.



               An attacker reading these results would probably make a few
               observations about the system that would lead to some further
               probing:

                    Pointing a web browser at this server would likely give a good idea
                    of what the server does and who operates it. Simply typing
                    http://52.4.85.159 in the address bar of the browser may reveal
                    useful information. Figure 15.2 shows the result of performing this:

                    the site is running a default installation of the Apache web server.

                    Connections to this server are unencrypted. Eavesdropping on
                    those connections, if possible, may reveal sensitive information.

                    The open SSH port is an interesting finding. An attacker may try to
                    conduct a brute-force password attack against administrative
                    accounts on that port to gain access to the system.