Re: [Full-Disclosure] SNMP Broadcasts

From: J.A. Terranson (measl_at_mfn.org)
Date: 07/16/04

  • Next message: Barry Fitzgerald: "Re: [Full-Disclosure] SNMP Broadcasts" 
    To: Barry Fitzgerald <bkfsec@sdf.lonestar.org>
Date: Fri, 16 Jul 2004 15:06:53 -0500 (CDT)

    On Fri, 16 Jul 2004, Barry Fitzgerald wrote:

    > J.A. Terranson wrote:
    >
    > >>Oh, I get it. So if root executes "sshd -p 45522" --this is not
    > >>*technically* ssh, right?
    > >>
    > >>
    > >
    > >If sshd is running on 45522 it's a back door Marty :-) And no, in this
    > >case, pedantic or not, it's not "ssh" as is commonly accepted.

    > I disagree. It may not be completely standard compliant (in so far as
    > the standard assigns a common usage port), but it sure as hell is the
    > SSH protocol.

    Agreed. It is the SSH protocol, but it is not the SSH *service*. It
    violates the standard (as you note).

    If I write a trojan that uses HTTP to process requests, then park it on
    31337, I do not have an HTTP serv(er|ice). I have a trojan which happens
    to use the HTTP protocol.

    > When you say "that's running on this port, but it's not SSH" you're not
    > sending the message to people that it's not SSH because it has to be
    > compliant, you're sending the message to people that it's *not the SSH
    > protocol at all*...

    No, not at all. There's a big difference between a *standardized service*
    and it's underlying protocols. In order to be SSH, it must comply with
    all of the standards for SSH. Otherwise, you get a M$ Windows product.

    > I think the fact that you're being pedantic with this issue confuses the
    > point

    I understood that risk during the first post, and deliberately made note
    of that.

    > and is, pretty much, worthless. No one, frankly, gives a sh*t if
    > you consider it to not be SSH because it's not on the port that makes
    > you happy

    As a non member of the appropriate standards bodies, what I would like is
    irrelevant. If you assess a site, and report that they have ssh running
    on port 31337, you are not providing factual data - you are providing an
    uninformed opinon, which is *wrong*.

    > Saying what you said above is counterproductive and will only serve to
    > confuse people. Perhaps you should wratchet up your pedantic nature and
    > instead of saying that it's "not SSH because it's on the wrong port" say
    > "it's non-compliant SSH because it's on the wrong port".

    Except for you, I think everyone else *got* the point.

    > Otherwise it's a case of the pot calling the kettle black.
    >
    > -Barry
    >
    > p.s. This is the end of that issue as far as I'm concerned. If you
    > continue to claim that it's "not the SSH protocol", you're just being
    > difficult.

    Then I'm being difficult. But in the end, this is my attempt to realign
    your thinking on it. That you are immobile is not something I can help. 

    -- 
Yours,
J.A. Terranson
sysadmin@mfn.org
0xBD4A95BF
  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
	- - -
  "There aught to be limits to freedom!"    George Bush
	- - -
Which one scares you more?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
  • Next message: Barry Fitzgerald: "Re: [Full-Disclosure] SNMP Broadcasts"

    Relevant Pages

    • PuTTY terminate on open Alteon Director - Contains packet dump (LONG POSTING)
      ... Using SSH protocol version 1 ... I have also tried multiple different protocol settings and bugs ... Header checksum: 0xbdc1 ... Transmission Control Protocol, Src Port: 2759, Dst Port: ssh ...
      (comp.security.ssh)
    • Re: Remote access from Internet
      ... An initial proposal was to implement the entire user interface as a Java applet and use a simple back-end protocol to move data. ... The user who desires access connects to relay server with a browser and logs in. ... then you probably need to block all ports *except* for one that you actively manage - ideally by something strong like SSH. ... As a side note on ssh security, there is no need to put ssh on port 22. ...
      (comp.arch.embedded)
    • SSH protocol2 without a password
      ... Have read 'ssh without a password' and apparently the problem lingers. ... # similar for protocol version 2 ... server listening on 0.0.0.0 Port 22 ... failed publickey for root from 192.168.0.1 port 32769 ssh2 ...
      (comp.security.ssh)
    • Re: [Full-Disclosure] SNMP Broadcasts
      ... >If I write a trojan that uses HTTP to process requests, ... running on that port. ... >all of the standards for SSH. ... and not all standard subsections are of equal value. ...
      (Full-Disclosure)
    • Re: [Full-Disclosure] SNMP Broadcasts
      ... > all of the standards for SSH. ... in order to be "standard" SSH the listen port MUST be 22. ... you're not complying with the SSH standard by listening on an ...
      (Full-Disclosure)