Re: Someone scanned my ssh daemon
I really wouldn't worry about your verison number being leaked. If an
attacker wants to crack your machine, they are just going to try running
an exploit against it. Why bother testing the version number when it
(often) takes less time to just try the attack?
I suppose one reason to hide the version number is to make it more
difficult to pregenerate a list of machines to attack, so you can start
attacking right away.
However, since most people will be running and updating all of their
packages at once, the versions will belong to a limited set. So if *any*
package leaks version info, you can guess what version the others are.
AdamL
On Sun, 2003-06-15 at 17:08, Mark Devin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Mark Devin wrote:
> | It looks as though someone is trying to crack my box through ssh.
>
> OK, now I realise that it is an ssh scanner.
> See: http://www.monkey.org/~provos/scanssh/
>
> Why is it that the Debian version of sshd gives out any information
> about its version number. Unless it is absolutely necessary for the
> clients to connect, I would like my ssh daemon to give out no version
> information to these scanners. Why doesn't debian do this by default?
>
> Here is what my machine shows when I run scanssh against it:
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> So they know that I am running debian and what version of ssh I use! I
> know that security through obscurity is no security, but I still don't
> want to help any attackers. Anyone else have thoughts on this?
>
> Regards.
> Mark.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE+7QqJL/zYpWVgapgRAlKNAJ9ttp2EXJTQOM0zbt4QxP9+9035FgCfecVc
> gIRXdU/bu7D5WN/1s1La4Is=
> =NZ2c
> -----END PGP SIGNATURE-----
--
Adam Lydick <adam.lydick@verizon.net>
Reply to: