Re: ssh broadcasts package name???
On Fri, Oct 25, 2002 at 04:58:09PM -0700, nate wrote:
> tripped dozens of rules in my IDS and came back to me pissing their
> pants saying my SSH was vulnerable because it wasn't the absolute newest,
> took some time to convince them(had to talk to one of their engineers
> who understood what backporting was) that we were not vulnerable to the
> specific things they were probing for.
Quick and easy way to convince them: "Really? How's about I stand
here and watch you exploit it." Shouldn't take more than 5-10
minutes of banging their head against your server to realize that no,
it's not vulnerable.
--
When we reduce our own liberties to stop terrorism, the terrorists
have already won. - reverius
Innocence is no protection when governments go bad. - Tom Swiss
Reply to: