
Re: Someone scanned my ssh daemon




Mark Devin wrote:
| It looks as though someone is trying to crack my box through ssh.

OK, now I realise that it is an ssh scanner.
See: http://www.monkey.org/~provos/scanssh/

Why is it that the Debian version of sshd gives out any information
about its version number?  Unless it is absolutely necessary for the
clients to connect, I would like my ssh daemon to give out no version
information to these scanners.  Why doesn't Debian do this by default?

Here is what my machine shows when I run scanssh against it:
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1

So they know that I am running Debian and what version of ssh I use!  I
know that security through obscurity is no security, but I still don't
want to help any attackers.  Anyone else have thoughts on this?

Regards.
Mark.
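Added example, not part of the original message: the banner quoted above follows the SSH identification-string layout that RFC 4253 section 4.2 later standardised, in which the protocol and software versions are mandatory and the trailing comment is optional. The sketch below parses that layout and lists which hosts in a constructed inventory send the optional comment; the function names, sample hosts and second banner are assumptions.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
# protoversion and softwareversion are mandatory; comments are optional.
# softwareversion is matched leniently (\S+) to tolerate non-conforming servers.
ID_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
MAX_LEN = 255  # maximum length in bytes, CR LF included


def parse_banner(line):
    """Split an SSH identification string into its three fields."""
    if len(line.encode()) > MAX_LEN:
        raise ValueError("identification string longer than 255 bytes")
    m = ID_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.groupdict()


def optional_disclosure(line):
    """Return the optional comments field (None if the server sends none)."""
    return parse_banner(line)["comments"] or None


def hosts_to_review(banners):
    """Map host -> comment for every host whose banner has a comments field."""
    out = {}
    for host, line in banners.items():
        comment = optional_disclosure(line)
        if comment:
            out[host] = comment
    return out


# Constructed inventory: the first banner is the one quoted in the message;
# the hosts (RFC 5737 documentation addresses) and second banner are made up.
SAMPLE = {
    "192.0.2.10": "SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1\r\n",
    "192.0.2.11": "SSH-2.0-OpenSSH_3.4p1\r\n",
}

if __name__ == "__main__":
    for host, comment in hosts_to_review(SAMPLE).items():
        print(host, "sends optional comment:", comment)
```

In later Debian OpenSSH packages the comment field is controlled by the DebianBanner option in sshd_config; the software version itself stays in the banner because the protocol requires it.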


