nanog mailing list archives
Re: Update to BCP-38?
From: "Valdis Klētnieks" <valdis.kletnieks () vt edu>
Date: Tue, 08 Oct 2019 15:17:59 -0400
On Tue, 08 Oct 2019 11:53:33 -0600, "Keith Medcalf" said:
So while the cost of doing the thing may be near-zero, it is not zero.
And in fact, there's more than just the costs of doing it. There's also the costs of having done it. Obfuscating your OpenSSH versions is a *really* good way to make your security scanners that flag backleveled systems fail to flag the systems. Which can cause a really uncomfortable conversation with the CIO about why the local newspaper's front page is running a story about how your organization got totally pwned via a backleveled OpenSSH on one cluster of 5 servers.....
Attachment:
_bin
Description:
Current thread:
- Re: Update to BCP-38?, (continued)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 03)
- Re: Update to BCP-38? William Herrin (Oct 04)
- RE: Update to BCP-38? Keith Medcalf (Oct 04)
- Re: Update to BCP-38? Mike Meredith via NANOG (Oct 08)
- Re: Update to BCP-38? Rich Kulawiec (Oct 08)
- RE: Update to BCP-38? Mark Collins (Oct 08)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Mike Meredith via NANOG (Oct 09)
- Re: Update to BCP-38? William Herrin (Oct 08)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Valdis Klētnieks (Oct 08)
- Re: Update to BCP-38? Mark Collins (Oct 10)
- RE: Update to BCP-38? Keith Medcalf (Oct 08)
- Re: Update to BCP-38? Rich Kulawiec (Oct 09)
- Re: Update to BCP-38? Fred Baker (Oct 03)
- Re: Update to BCP-38? Stephen Satchell (Oct 03)
- Re: Update to BCP-38? Fred Baker (Oct 03)