Re: ssh broadcasts package name???

["nate" <debian-user@aphroland.org>]

DvB said:

> You're probably right about it being security through obscurity. I was
> thinking in terms of someone looking for "exploitable" machines but, on
> second thought, I suppose that instead of probing each computer for
> vulnerability, one could just go ahead and test the exploit... in most
> cases, anyway.

that would be the best way. A few months ago a security "services" company
was offering my company "services" in the form of automatic port scans
and vulnerability detection and virus notifications. They offered to
do a trial run against one of my servers, so I said go for it. They
tripped dozens of rules in my IDS and came back to me pissing their
pants saying my SSH was vulnerable because it wasn't the absolute newest,
took some time to convince them(had to talk to one of their engineers
who understood what backporting was) that we were not vulnerable to the
specific things they were probing for.

outpost 24 was the company..nice folk, too bad more people don't
understand the concept of back porting fixes, I was amazed how freaked
out the sales guy got. He thanked me in the end(even though I turned their
services down) because I taught him a lot in the process. and sure enough
a few weeks later he was calling me for help on some personal trouble he
was having on his servers..:/

results of their scan(just for the hell of it):
http://saratoga.linuxpowered.net/scan/

since there is no machine on that IP address anymore(damn downsizing!)
theres no harm done :)

nate