[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Thu Feb 19 14:09:33 2004 -->
- <!--x-from-r13: znggl91 ng oryyfbhgu.arg (znggl91 ng oryyfbhgu.arg) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] SSHD reports version info!? -->
- <li><em>date</em>: Thu Feb 19 14:09:33 2004</li>
- <li><em>from</em>: matty91 at bellsouth.net (matty91 at bellsouth.net)</li>
- <li><em>in-reply-to</em>: <<a href="msg00659.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00642.html">[email protected]</a>> <<a href="msg00659.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] SSHD reports version info!?</li>
> On Thu, Feb 19, 2004 at 02:39:42AM -0500, Kevin Krumwiede wrote:
> > (I posted this to the debian-user list but it never showed up.)
>
> > When I telnet to port 22 on my 3.0r2 server, I see this:
>
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
>
> > Isn't that considered sensitive information? Why advertise it so
> > blatantly? Is there any way turn this banner off?
>
> Not really. If you didn't, an attack can just throw a broad
> spectrum attack at you, no gain. Someone scanning would spot you and
> just assume that you are obfuscating the information because you're too
> lazy to keep your software up to date and flag you for that extra special
> attention they like to provide from time to time, just after an exploit
> release.
I am not so sure I agree with this. Most of the script kiddie utilities
do pattern matching based on banner information. While this doesn't
protect you from someone with a clue, it would help you deflect
attacks from the ppl d/l'ing sploits on the web.
>
> No you can not turn it off and, even if you could, you would then
> break ssh. That information is not there merely for you edification.
> It's there to tell the client what protocols to speak. There are
> several different dialects and the client needs to know what it's talking
> to inorder to negotiate the protocols properly. It's the openning offer
> in the protocol.
Well, OpenBSD/FreeBSD have the "VersionAddendum" option. My friend
configures his Openssh server to report:
VersionAddendum Windows 2000 Professional Server
You should be able to grab these patches if you are concerned about
the OS information in the banner.
>
> Some of the information (Like from "Debian" to the end of line)
> is mutable and you could trash it. That first openning string, however,
> should NOT be tampered with.
>
> > Thanks,
> > Krum
>
> Mike
> --
> Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | <a rel="nofollow" href="http://www.wittsend.com/mhw/";>http://www.wittsend.com/mhw/</a>
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>
Ryan Matteson - UNIX Administrator | GPG ID: 92D5DFFF
Public Key: <a rel="nofollow" href="http://www.daemons.net/~matty/public_key.txt";>http://www.daemons.net/~matty/public_key.txt</a>
Fingerprint = 4BEC 6145 30A6 BCE6 5602 FF11 4954 165D 92D5 DFFF
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00677" href="msg00677.html">[ale] SSHD reports version info!?</a></strong>
<ul><li><em>From:</em> mhw at wittsend.com (Michael H. Warfield)</li></ul></li>
<li><strong><a name="00684" href="msg00684.html">[ale] SSHD reports version info!?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00642" href="msg00642.html">[ale] SSHD reports version info!?</a></strong>
<ul><li><em>From:</em> kjkrum at comcast.net (Kevin Krumwiede)</li></ul></li>
<li><strong><a name="00659" href="msg00659.html">[ale] SSHD reports version info!?</a></strong>
<ul><li><em>From:</em> mhw at wittsend.com (Michael H. Warfield)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00673.html">[ale] New install of SuSE</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00675.html">[ale] OT: Running computers in an older home (read oldercircuitry)</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00659.html">[ale] SSHD reports version info!?</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00677.html">[ale] SSHD reports version info!?</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00674"><strong>Date</strong></a></li>
<li><a href="threads.html#00674"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>