[wellylug] suppressing sshd connect string
Enkidu
enkidu at cliffp.com
Fri Sep 10 18:32:12 NZST 2004
On Thu, 09 Sep 2004 23:04:51 +1200 (NZST), you wrote:
>
>
>On Thu, 9 Sep 2004, Sam Cannell wrote:
>
>> http://groups.google.com/groups?selm=cy9se16re.fsf%40zeus.theos.com&outp
>> ut=gplain
>>
>> I think that's about as clear as it gets ;)
>
>Yes, so for those without Internet access:
>
>"If I see one more note about turning off the SSH version string, I am
>going to scream.
>
>IT IS NECCESSARY." -- Theo de Raadt
>
Yeah right. Any script kiddy gets an *immediate* hint as to what
exploits to try. If the string was suppressed they'd have to work far
harder to find the right hole to try. They probably go on to an easy
target.
Cheers,
Cliff
More information about the wellylug
mailing list