Vulnerability Development mailing list archives

Re: SSH 2.4.0/3.0.1 usernames guessable ?


From: Marco van Berkum <m.v.berkum () obit nl>
Date: Tue, 04 Sep 2001 11:18:31 +0200

Liran Cohen wrote:


Well, that is the case with most of the network applications except
apache (the ones I encountered); however, there is a tool called
Languard port scanner which can show you host responses (really
neat). If it bothers you, I'm sure you can always download the ssh
source code and change that response (just search for the string....)


Sure, or try OpenSSH or SSH 3.0.1.
I'm still not entirely sure of 3.0.1, I hear some vuln, some not ??
Can someone doubletest this plz?

grtz,
Marco van Berkum
--
GCC dpu s:--- a- C+++ US++++ P++ L+++ E---- W N o-- K w---
O- M-- V-- PS+++ PE-- Y+ PGP--- t--- 5 X R* tv++ b+++ DI-- D----
G++ e- h+ r y*
+---------------------+------------------+-------------------+
|  Marco van Berkum   |   MB17300-RIPE   | Security Engineer |
|  http://ws.obit.nl  | "Chernobyl used  | Network Admin     |
|  m.v.berkum () obit nl |     Windows"     |      UNIX         |
+---------------------+------------------+-------------------+


