Re: Openssh and sendmail signatures
From: Kurt Seifried (bugtraq@seifried.org)Date: 09/11/02
- Previous message: Robert W. Jaroszuk: "Re: Openssh and sendmail signatures"
- In reply to: Mogens Valentin: "Openssh and sendmail signatures"
- Next in thread: Michael Zimmermann: "Re: Openssh and sendmail signatures"
- Next in thread: Mogens Valentin: "Re: Openssh and sendmail signatures"
- Reply: Michael Zimmermann: "Re: Openssh and sendmail signatures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kurt Seifried" <bugtraq@seifried.org> To: <monz@danbbs.dk>, "focus-linux" <focus-linux@securityfocus.com> Date: Wed, 11 Sep 2002 12:48:14 -0600
> How do I prevent Openssh telling which version is running?
> Likewise with sendmail? (I know you'll tell med to use another MTA..).
>
> Surely it's a problem with my eyes, haven't found out yet, though.
Part of the OpenSSH spec requires you to tell the remote end what version
you are running, i.e. so it knows what the capabilities are. You could
pretend to run a different version but may run into trouble. As for sendmail
I can still figure out what version you have based on error codes/etc.
Fiddling with banners is cute but largely useless since few mass attackers
bother to scan anymore, they simply shotgun out the attacks and see what
comes back. You will still be running an insecure version of whatever
software if you do not regularily patch it/etc.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
- Previous message: Robert W. Jaroszuk: "Re: Openssh and sendmail signatures"
- In reply to: Mogens Valentin: "Openssh and sendmail signatures"
- Next in thread: Michael Zimmermann: "Re: Openssh and sendmail signatures"
- Next in thread: Mogens Valentin: "Re: Openssh and sendmail signatures"
- Reply: Michael Zimmermann: "Re: Openssh and sendmail signatures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
