Penetration Testing mailing list archives
Re: SSH 4.3 dos question
From: earle.david () gmail com
Date: 25 Feb 2007 02:45:54 -0000
The obvious two considerations are: 1. Is OpenSSH configured to accept SSH version one traffic? I'm not up on SSH, but you might be able to test this with a connection attempt for an older version. 2. What hardware is the system running? Even if the system is vulnerable, the vulnerability description only says that a DOS is possible. A high-end CPU or processing limits placed on the service could cause you some problems. Beyond that, you may want to vet the exploit code to ensure that it's doing what it says its doing. From glancing at it it looks fine, but you do see a lot of vulnerabilities that are subtly edited to simply not work, at least if you don't tweak them appropriately. Good luck with your testing! ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- SSH 4.3 dos question Francois Yang (Feb 23)
- Re: SSH 4.3 dos question M . B . Jr . (Feb 25)
- <Possible follow-ups>
- Re: SSH 4.3 dos question earle . david (Feb 25)