Re: SSH 2.4.0/3.0.1 usernames guessable ?

From: Marco van Berkum (m.v.berkum@obit.nl)
Date: 09/04/01


Message-ID: <3B949C67.E74A4508@obit.nl>
Date: Tue, 04 Sep 2001 11:18:31 +0200
From: Marco van Berkum <m.v.berkum@obit.nl>
To: Liran Cohen <Theog@ParadigmGeo.com>
Subject: Re: SSH 2.4.0/3.0.1 usernames guessable ?

Liran Cohen wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Well, that is the case with most of the network applications except
> Apache (the ones I encountered); however, there is a tool called
> Languard port scanner which can show you host responses (really
> neat). If it bothers you, I'm sure you can always download the ssh
> source code and change that response (just search for the string....)
>

Sure, or try OpenSSH or SSH 3.0.1.
I'm still not entirely sure of 3.0.1, I hear some vuln, some not??
Can someone double-test this plz?

grtz,
Marco van Berkum

--
+---------------------+------------------+-------------------+
|  Marco van Berkum   |   MB17300-RIPE   | Security Engineer |
|  http://ws.obit.nl  | "Chernobyl used  | Network Admin     |
|  m.v.berkum@obit.nl |     Windows"     |      UNIX         |
+---------------------+------------------+-------------------+