From owner-freebsd-security Mon Mar 26 11:21: 0 2001
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (adam042-060.resnet.wisc.edu [146.151.42.60])
	by hub.freebsd.org (Postfix) with ESMTP id EE46737B71B
	for ; Mon, 26 Mar 2001 11:20:55 -0800 (PST)
	(envelope-from silby@silby.com)
Received: (qmail 4759 invoked by uid 1000); 19 Mar 2001 19:26:07 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
	by localhost with SMTP; 19 Mar 2001 19:26:07 -0000
Date: Mon, 19 Mar 2001 13:26:07 -0600 (CST)
From: Mike Silbersack
To: "Duwde (Fabio V. Dias)"
Cc:
Subject: Re: SSHD revealing too much information.
In-Reply-To: <3ABF93BE.A855334@duwde.com.br>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 26 Mar 2001, Duwde (Fabio V. Dias) wrote:

> #define SSH_VERSION "OpenSSH_2.3.0 green@FreeBSD.org 20010321"
> bash-2.04$
> --
> So as SSHD is a daemon USUALLY enabled to the whole internet,
> anyone can find out what OS (FreeBSD), and what SSHD *cvsuped"
> version is running. As well as if it has been fixed or NOT.
>
> So targeting attacks to unfixed SSHDs running FreeBSD would be
> made easier, as well as any other attacks in the future, 'cause
> there will be no doubt of what OS the host is running. (plus
> a good idea of its version, using the 20010321 string)

It's for this reason that I've changed the version string on my hosts to:

"OpenSSH_2.7.3 green@FreeBSD.org 20030122"

Nobody's going to attack me now.

Mike "Silby" Silbersack
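An added example, not part of the original thread and not OpenSSH or FreeBSD code: a small audit of what an SSH identification string discloses before authentication, run on the two version strings quoted in the message. The `SSH-1.99-` prefix, the name `audit_banner` and the observation date are assumptions made for the example, and the OS check only looks for the FreeBSD tag seen in this thread.

```python
import re
from datetime import date

# Identification string layout from RFC 4253 section 4.2:
#   SSH-protoversion-softwareversion SP comments
IDENT_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
DATE_RE = re.compile(r"\b(\d{4})(\d{2})(\d{2})\b")  # YYYYMMDD stamp, as in the thread


def audit_banner(line, observed):
    """Report what a pre-authentication banner claims and whether the claim is plausible."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string")
    comments = m.group("comments") or ""
    name, _, version = m.group("software").partition("_")
    report = {
        "protocol": m.group("proto"),
        "software": name,
        "version": version or None,
        "discloses_os": "freebsd" in comments.lower(),  # vendor tag names the OS
        "build_date": None,
        "plausible": True,
    }
    stamp = DATE_RE.search(comments)
    if stamp:
        try:
            report["build_date"] = date(*map(int, stamp.groups()))
        except ValueError:
            report["plausible"] = False  # e.g. month 13: not a calendar date
    # The banner is self-reported and unauthenticated. A build date later than
    # the day it was observed shows the string was edited by the operator.
    if report["build_date"] and report["build_date"] > observed:
        report["plausible"] = False
    return report


# Constructed inputs: the SSH-1.99- prefix is assumed; the rest is quoted in the thread.
STOCK = "SSH-1.99-OpenSSH_2.3.0 green@FreeBSD.org 20010321"
EDITED = "SSH-1.99-OpenSSH_2.7.3 green@FreeBSD.org 20030122"
OBSERVED = date(2001, 3, 26)  # assumed observation day (list delivery date)

if __name__ == "__main__":
    for banner in (STOCK, EDITED):
        print(audit_banner(banner, OBSERVED))
```

Both strings disclose the same fields; only the second is flagged, because its date stamp lies after the observation date, which is why an inventory or scanner should treat a banner as a claim and not as evidence of patch level.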