
Re: ssh broadcasts package name???



%% Dave Sherohman <esper@sherohman.org> writes:

  ds> On Fri, Oct 25, 2002 at 04:58:09PM -0700, nate wrote:

  >> tripped dozens of rules in my IDS and came back to me pissing their
  >> pants saying my SSH was vulnerable because it wasn't the absolute newest,
  >> took some time to convince them (had to talk to one of their engineers
  >> who understood what backporting was) that we were not vulnerable to the
  >> specific things they were probing for.

  ds> Quick and easy way to convince them: "Really?  How's about I stand
  ds> here and watch you exploit it."  Shouldn't take more than 5-10
  ds> minutes of banging their head against your server to realize that
  ds> no, it's not vulnerable.

You obviously don't understand the corporate IT mindset :)--it's not up
to them to prove your system is vulnerable, it's up to _you_ to prove
that it isn't.

If they think it's vulnerable or don't believe you they'll just
blacklist it from the network and you're SOL.  They have all the power,
because they control the network (routers/switches/firewalls/etc.)

Of course, given the average level of understanding of these things in a
corporate IT environment I'd be very surprised if many of them would
look at the Debian extended version string and go "oh, yeah, Debian has
a patched version; that's fine" so I'm not sure how much _immediate_
help it is anyway.

But, at least you can point them at the appropriate security alerts and
responses on the Debian web site and have some semblance of an argument
to back you up.

-- 
-------------------------------------------------------------------------------
 Paul D. Smith <pausmith@nortelnetworks.com> HASMAT--HA Software Mthds & Tools
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
-------------------------------------------------------------------------------
   These are my opinions---Nortel Networks takes no responsibility for them.
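An added example, not part of this list thread and not Debian's own tooling: a Python sketch of the version-string check the reply above is talking about. A banner-only scanner reads the upstream OpenSSH number and flags anything below the version that shipped the upstream fix; a vendor-aware check also reads the Debian package version that Debian's sshd puts in the comment field of its identification string and credits a backported fix. The sample banners and the "fixed" version numbers are constructed for illustration (they are not a real DSA or CVE), and the Debian version comparison is simplified relative to dpkg's algorithm.

```python
import re

# Hypothetical advisory data, constructed for this example (not a real DSA or
# CVE): assume the upstream fix shipped in OpenSSH 3.4, and that Debian
# backported the same fix into its 3.3p1 package at revision 1:3.3p1-2.
FIXED_UPSTREAM = "3.4"
FIXED_DEBIAN = "1:3.3p1-2"

# Constructed sample banners (not captured from real hosts) in the RFC 4253
# shape "SSH-proto-software [comment]". Debian's sshd carries its package
# version in the comment field, which a banner-only scanner ignores.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_3.3p1 Debian 1:3.3p1-2",  # old upstream, backported fix
    "SSH-2.0-OpenSSH_3.3p1 Debian 1:3.3p1-1",  # Debian package before the fix
    "SSH-2.0-OpenSSH_3.3p1",                   # no vendor information at all
    "SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1",  # fixed upstream version
    "SSH-2.0-OpenSSH_4.3p2 Debian-9",          # later Debian comment format
]

BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?: (?P<comment>.+))?$"
)


def version_key(v):
    """Sortable key for a version like '3.4p1': ((0,3),(0,4),(1,'p'),(0,1)).
    Elements are tagged so ints and strings are never compared directly."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.findall(r"\d+|[A-Za-z]+", v))


def split_deb_version(pkgver):
    """Split a Debian 'epoch:upstream-revision' string into its three parts."""
    epoch = 0
    if ":" in pkgver:
        head, pkgver = pkgver.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = pkgver.rpartition("-")
    if not sep:  # no revision at all
        upstream, revision = revision, "0"
    return epoch, upstream, revision


def parse_banner(banner):
    """Parse an SSH identification string into protocol, software, upstream
    OpenSSH version and, when present, the Debian package version."""
    m = BANNER_RE.match(banner.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    software = m.group("software")
    comment = m.group("comment") or ""
    upstream = software[len("OpenSSH_"):] if software.startswith("OpenSSH_") else None
    info = {"proto": m.group("proto"), "software": software,
            "upstream": upstream, "distro": None, "package_version": None}
    # Older Debian packages appended the full package version ("Debian 1:3.3p1-2");
    # later ones only the revision ("Debian-9"). Handle both forms.
    full = re.match(r"Debian (\S+)$", comment)
    rev = re.match(r"Debian-(\S+)$", comment)
    if full:
        info["distro"] = "Debian"
        info["package_version"] = full.group(1)
    elif rev and upstream:
        info["distro"] = "Debian"
        info["package_version"] = upstream + "-" + rev.group(1)  # epoch unknown
    return info


def naive_assessment(banner):
    """What a banner-matching scanner does: look at the upstream number only."""
    info = parse_banner(banner)
    if info["upstream"] is None:
        return "verify"
    ok = version_key(info["upstream"]) >= version_key(FIXED_UPSTREAM)
    return "fixed" if ok else "vulnerable"


def vendor_aware_assessment(banner):
    """Same banner, but credit a vendor backport when the comment names one."""
    info = parse_banner(banner)
    if info["upstream"] is None:
        return "verify"
    if version_key(info["upstream"]) >= version_key(FIXED_UPSTREAM):
        return "fixed"
    if info["distro"] == "Debian" and info["package_version"]:
        _, up, rev = split_deb_version(info["package_version"])
        _, fix_up, fix_rev = split_deb_version(FIXED_DEBIAN)
        # Epochs are ignored because the "Debian-N" banner form carries none.
        # Outside a demo, use `dpkg --compare-versions` for the real ordering.
        patched = ((version_key(up), version_key(rev))
                   >= (version_key(fix_up), version_key(fix_rev)))
        return "fixed" if patched else "vulnerable"
    # Old upstream number and no vendor tag: the banner alone cannot settle it.
    return "verify"


def report(banners=SAMPLE_BANNERS):
    """Return (banner, naive verdict, vendor-aware verdict) for each banner."""
    return [(b, naive_assessment(b), vendor_aware_assessment(b)) for b in banners]


if __name__ == "__main__":
    for banner, naive, aware in report():
        print("%-42s naive=%-10s vendor-aware=%s" % (banner, naive, aware))
```

The first sample banner is the case the thread describes: the naive verdict is "vulnerable" because 3.3 is below 3.4, while the vendor-aware verdict is "fixed" because the package revision is at or past the one that carries the backport. The third banner shows the limit of the approach: with no vendor tag and an old upstream number, the banner cannot prove the host either way, which is exactly where the argument with corporate IT starts.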


