Re: ssh broadcasts package name???

To: debian-user@lists.debian.org
Subject: Re: ssh broadcasts package name???
From: Dave Sherohman <esper@sherohman.org>
Date: Mon, 28 Oct 2002 15:15:13 -0600
Message-id: <[🔎] 20021028211513.GD14487@sherohman.org>
Mail-followup-to: Dave Sherohman <esper@sherohman.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 24365.216.39.174.24.1035590289.squirrel@webmail.linuxpowered.net>
References: <[🔎] 86znt29jq6.fsf@homeip.net> <[🔎] 24365.216.39.174.24.1035590289.squirrel@webmail.linuxpowered.net>

On Fri, Oct 25, 2002 at 04:58:09PM -0700, nate wrote:
> tripped dozens of rules in my IDS and came back to me pissing their
> pants saying my SSH was vulnerable because it wasn't the absolute newest,
> took some time to convince them(had to talk to one of their engineers
> who understood what backporting was) that we were not vulnerable to the
> specific things they were probing for.

Quick and easy way to convince them:  "Really?  How's about I stand
here and watch you exploit it."  Shouldn't take more than 5-10
minutes of banging their head against your server to realize that no,
it's not vulnerable.

-- 
When we reduce our own liberties to stop terrorism, the terrorists
have already won. - reverius

Innocence is no protection when governments go bad. - Tom Swiss

Reply to:

Follow-Ups:
- Re: ssh broadcasts package name???
  - From: "Paul Smith" <pausmith@nortelnetworks.com>

References:
- Re: ssh broadcasts package name???
  - From: DvB <imasu@earthlink.net>
- Re: ssh broadcasts package name???
  - From: "nate" <debian-user@aphroland.org>

Prev by Date: Re: hp keyboard
Next by Date: Re: Maximum partition size
Previous by thread: Re: ssh broadcasts package name???
Next by thread: Re: ssh broadcasts package name???
Index(es):
- Date
- Thread