Re: [Full-Disclosure] SNMP Broadcasts

From: Barry Fitzgerald (bkfsec_at_sdf.lonestar.org)
Date: 07/16/04

    To: "J.A. Terranson" <measl@mfn.org>
    Date: Fri, 16 Jul 2004 16:31:56 -0400
    
    

    J.A. Terranson wrote:

    >
    >Agreed. It is the SSH protocol, but it is not the SSH *service*. It
    >violates the standard (as you note).
    >
    >If I write a trojan that uses HTTP to process requests, then park it on
    >31337, I do not have an HTTP serv(er|ice). I have a trojan which happens
    >to use the HTTP protocol.
    >
    >
    >
    Agreed to the example above as it's a trojan, not an HTTP server, but if
    you take Apache and assign it to port 8081, you do have an HTTP server
    running on that port. The distinction is one of intent and design, not
    technicality.

    >No, not at all. There's a big difference between a *standardized service*
    >and its underlying protocols. In order to be SSH, it must comply with
    >all of the standards for SSH. Otherwise, you get a M$ Windows product.
    >
    >
    >
    Yes, and not all standard subsections are of equal value. Making the
    distinction based on bound port is, frankly, stupid.

    >
    >I understood that risk during the first post, and deliberately made note
    >of that.
    >
    >
    >
    So you knew you were wrong but said it anyway?

    >As a non member of the appropriate standards bodies, what I would like is
    >irrelevant. If you assess a site, and report that they have ssh running
    >on port 31337, you are not providing factual data - you are providing an
    >uninformed opinion, which is *wrong*.
    >
    >
    >
    >
    Actually, please point me to the SSH standard document and section that
    lists that sshd *must* run on TCP port 22 to be a valid SSH server.

    My point about standards compliance in the last mail made the assumption
    that bound port was defined at all in the standard. Doing a quick
    review of the IETF Secure Shell standard draft, I can't see any mention
    of it at all.

    Barring your ability to provide this information, I'll accept your
    forfeit of the argument.

    >>Saying what you said above is counterproductive and will only serve to
    >>confuse people. Perhaps you should ratchet up your pedantic nature and
    >>instead of saying that it's "not SSH because it's on the wrong port" say
    >>"it's non-compliant SSH because it's on the wrong port".
    >>
    >>
    >
    >Except for you, I think everyone else *got* the point.
    >
    >
    That's funny - other people are arguing against you on this issue.

    Making yourself feel like the world is on your side may make you feel
    good... but you're not fooling me with a stupid remark like that.

    >
    >Then I'm being difficult. But in the end, this is my attempt to realign
    >your thinking on it. That you are immobile is not something I can help.
    >
    >
    >
    I'm not the immobile one here.

              -Barry

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
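
An added example, not part of the original message: identifying a service from the protocol greeting it sends rather than from the port it is bound to, which is the distinction argued over in this thread. The function names, the two-entry port table and the sample banners are constructed for illustration; the SSH identification-string format is the one later published in RFC 4253, section 4.2.

```python
import re

# Commonly assigned ports, used only to flag a nonstandard binding (illustrative table).
ASSIGNED_PORTS = {"ssh": 22, "http": 80}

# SSH identification string: SSH-protoversion-softwareversion [SP comments]
# softwareversion is printable US-ASCII without whitespace or '-'.
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?$")
# HTTP status line: HTTP/major.minor SP three-digit status code
HTTP_STATUS = re.compile(rb"^HTTP/(\d\.\d) (\d{3})(?: |$)")


def identify(first_bytes):
    """Return (protocol, detail) for the first bytes a server sent, else (None, None)."""
    lines = [raw.rstrip(b"\r") for raw in first_bytes.split(b"\n")]
    m = HTTP_STATUS.match(lines[0])
    if m:
        return "http", f"version {m.group(1).decode('ascii')}, status {m.group(2).decode('ascii')}"
    # An SSH server may send other lines before its identification string.
    for line in lines[:16]:
        m = SSH_ID.match(line)
        if m:
            return "ssh", f"protocol {m.group(1).decode('ascii')}, software {m.group(2).decode('ascii')}"
    return None, None


def report(port, first_bytes):
    """Describe what answered on `port`; the port only decides the 'assigned_port' flag."""
    protocol, detail = identify(first_bytes)
    assigned = None if protocol is None else ASSIGNED_PORTS[protocol] == port
    return {"port": port, "protocol": protocol, "detail": detail, "assigned_port": assigned}


# Constructed sample observations: (port, first bytes received from the listener).
SAMPLES = [
    (22, b"SSH-2.0-OpenSSH_3.8.1p1\r\n"),
    (31337, b"SSH-2.0-OpenSSH_3.8.1p1 Debian-8\r\n"),
    (8081, b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"),
    (22, b"\x00\x01not-an-ssh-greeting"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(report(port, data))
```
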

