Re: Disable openssh version banner
From: Bruno Wolff III (bruno@cerberus.csd.uwm.edu)
Date: 02/28/03
- Next message: Cedric Blancher: "Re: Disable openssh version banner"
- Previous message: Cedric Blancher: "Re: iptables and bind"
- In reply to: retribution: "Re: Disable openssh version banner"
- Next in thread: Wojtek Walczak: "Re: Disable openssh version banner"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Bruno Wolff III <bruno@cerberus.csd.uwm.edu> Date: 28 Feb 2003 14:31:21 GMT
In article <0BB7a.40117$ep5.32327@nwrddc02.gnilink.net>, retribution wrote:
> really? I would've thought they would'vedone that differently so that the
> version could be hidden like with most other daemons, but then I guess the
> info would be in the code and would have to be made fairly obvious for
> clients to be written for it, so it wouldn't have been hiding much...
There are different versions of the protocol and the client and server need
to make sure they are using the same one, so the version information
needs to be available.
There is little to be gained from hiding the version anyway. It is generally
faster to try an exploit than to first check the version number, so it won't
gain you much against script kiddies or worms. There are other ways to
profile systems that can be used by serious hackers, so that just changing
the version number may not help here either.
What you should be doing is limiting where you accept connections from
(if feasible) and following security reports so that you know when you
need to upgrade.
- Next message: Cedric Blancher: "Re: Disable openssh version banner"
- Previous message: Cedric Blancher: "Re: iptables and bind"
- In reply to: retribution: "Re: Disable openssh version banner"
- Next in thread: Wojtek Walczak: "Re: Disable openssh version banner"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
