Full Disclosure mailing list archives
Re: SNMP Broadcasts
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Fri, 16 Jul 2004 16:31:56 -0400
J.A. Terranson wrote:
Agreed to the example above as it's a trojan, not an HTTP server, but if you take Apache and assign it to port 8081, you do have an HTTP server running on that port. The distinction is one of intent and design, not technicality.
Agreed. It is the SSH protocol, but it is not the SSH *service*. It violates the standard (as you note). If I write a trojan that uses HTTP to process requests, then park it on 31337, I do not have an HTTP serv(er|ice). I have a trojan which happens to use the HTTP protocol.
Yes, and not all standard subsections are of equal value. Making the distinction based on bound port is, frankly, stupid.
No, not at all. There's a big difference between a *standardized service* and its underlying protocols. In order to be SSH, it must comply with all of the standards for SSH. Otherwise, you get a M$ Windows product.
I understood that risk during the first post, and deliberately made note of that.
So you knew you were wrong but said it anyway?
Actually, please point me to the SSH standard document and section that lists that sshd *must* run on TCP port 22 to be a valid SSH server. My point about standards compliance in the last mail made the assumption that bound port was defined at all in the standard. Doing a quick review of the IETF Secure Shell standard draft, I can't see any mention of it at all.
As a non member of the appropriate standards bodies, what I would like is irrelevant. If you assess a site, and report that they have ssh running on port 31337, you are not providing factual data - you are providing an uninformed opinion, which is *wrong*.
Barring your ability to provide this information, I'll accept your forfeit of the argument.
Saying what you said above is counterproductive and will only serve to confuse people. Perhaps you should ratchet up your pedantic nature and instead of saying that it's "not SSH because it's on the wrong port" say "it's non-compliant SSH because it's on the wrong port".
Except for you, I think everyone else *got* the point.
That's funny - other people are arguing against you on this issue.
Making yourself feel like the world is on your side may make you feel good... but you're not fooling me with a stupid remark like that.
I'm not the immobile one here.
Then I'm being difficult. But in the end, this is my attempt to realign your thinking on it. That you are immobile is not something I can help.
-Barry
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html