Re: Blocking SSH-1.0-SSH_Version_Mapper?

From: David Kaczynski (TheSnitch@HUS.HMAIL.COM)
Date: 01/28/02 

From: David Kaczynski <TheSnitch@HUS.HMAIL.COM>
Date: Mon, 28 Jan 2002 11:19:31 -0800

On Mon, 28 Jan 2002 14:21:50 GMT, Steve Snyder <swsnyder@home.com>
wrote:

>I've been seeing a lot of scans lately:
>
>sshd[20270]: scanned from 203.248.195.95 with SSH-1.0-SSH_Version_Mapper.
>Don't panic.
>sshd[5918]: scanned from 203.58.81.100 with SSH-1.0-SSH_Version_Mapper.
>Don't panic.
>sshd[27695]: scanned from 212.32.168.22 with SSH-1.0-SSH_Version_Mapper.
>Don't panic.
>sshd[4232]: scanned from 206.101.242.55 with SSH-1.0-SSH_Version_Mapper.
>Don't panic.
>
>Ok, I'm not panicking but I am concerned.
>
>This is with OpenSSH v2.9p2 on a Linux box. Apart from blocking these IP
>addresses in my firewall (after the fact), what can I do to discourage
>people from scanning my server?
>
>Given how popular SSH-1.0-SSH_Version_Mapper seems to be with snoops and
>busybodies, is there a way to defeat its use?

Don't.

For a couple reasons -- the first is because of Theo's highly detailed
reasons and explanations given here:

http://groups.google.com/groups?selm=cy9se16re.fsf%40zeus.theos.com&output=gplain

And Richard's irrational and inflammatory reasons given here:

http://groups.google.com/groups?selm=cy9se16re.fsf%40zeus.theos.com&output=gplain

:)

Always keep up with the latest versions and security advisories for
OpenSSH. By doing so, choosing secure passwords (public-key
authentication is even better!) and keeping any unnecessary and
insecure services (e.g., telnetd) shut off on your UNIX box, although
hackers will scan your box, you are going to be a much less tasty
target than 95% of your neighbors.

Relevant Pages

  • Re: software update
    ... > I have bad experience with openssh: I didn't patch openssh in rh7.2 ... But sgi machine with old ... I'm sure you have other reasons for wanting an SGI sshd, ...
    (comp.sys.sgi.admin)
  • Re: OpenSSH3.5p1 vs. Commercial SSH 3.2
    ... I prefer OpenSSH because of the following reasons: ... Support that goes beyond community mailing lists (but then, ... to install OpenSSH on pre-9 Solaris releases, ...
    (comp.security.ssh)
  • Re: OpenSSH3.5p1 vs. Commercial SSH 3.2
    ... > I prefer OpenSSH because of the following reasons: ... > to install OpenSSH on pre-9 Solaris releases, ... under control of the config file. ...
    (comp.security.ssh)
  • Re: ssh and redhat 5.2
    ... >]> most recent one since openssh has some security bugs. ... >]has never been a RedHat published release for RedHat 6.x version of ... And which may not have correct PAM settings, correct handling of Kerberos, ... There are good reasons to avoid building it yourself if you're not familiar ...
    (comp.security.ssh)
  • Re: Britain is full of paraniod racists...
    ... who looked middle eastern getting on their plane, panicking they ... started looking for reasons as to why the guys were terrorists. ...
    (rec.sport.pro-wrestling)