Date: Mon, 19 Mar 2001 13:26:07 -0600 (CST) From: Mike Silbersack <silby@silby.com> To: "Duwde (Fabio V. Dias)" <duwde@duwde.com.br> Cc: <freebsd-security@freebsd.org> Subject: Re: SSHD revelaing too much information. Message-ID: <Pine.BSF.4.31.0103191324240.4746-100000@achilles.silby.com> In-Reply-To: <3ABF93BE.A855334@duwde.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 26 Mar 2001, Duwde (Fabio V. Dias) wrote: > #define SSH_VERSION "OpenSSH_2.3.0 green@FreeBSD.org 20010321" > bash-2.04$ > -- > So as SSHD is a daemon USUALLY enable to the whole internet, > anyone can find out what OS (FreeBSD), and what SSHD *cvsuped" > version is running. As well as if it has been fixed or NOT. > > So targeting attacks to unfixed SSHDs running FreeBSD would be > made easier, as well as any other attacks in the future, 'cause > there will be no doubt of what OS the host is running. (plus > a good idea of its version, using the 20010321 string) It's for this reason that I've changed the version string on my hosts to: "OpenSSH_2.7.3 green@FreeBSD.org 20030122" Nobody's going to attack me now. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.31.0103191324240.4746-100000>