[wellylug] suppressing sshd connect string
Ewen McNeill
wellylug at ewen.mcneill.gen.nz
Sat Sep 11 03:20:16 NZST 2004
In message <ski2k018oei8on1ndbrs3ao8d57dgfr74l at 4ax.com>, Enkidu writes:
>I'd disagree. The very first thing that the script kiddie's program
>sees is the banner. Then he doesn't have to write his program to find
>the right hols.
1. Script kiddies don't write programs; that's the point of the term.
2. Script kiddies run the exploit attempt anyway, the version string
is irrelevant. They'll run windows exploits against non-windows
systems, etc, so they're not going to let a mere mismatched version
string put them off. They're not even going to check the version
string. The motto of a script kiddie is "it might work anyway".
3. Either you have a vulnerable service or you don't. If you do, then
you should patch it. If you don't, it doesn't really matter if they
know which version it is.
And finally, as someone else said, if you care about people seeing what
services are being offered, then you need some other form of security,
such as port knocking, or firewalling services down to trusted hosts
(eg, many of my systems are run with ssh only allowed in from trusted
management hosts).
Ewen
PS: Alas the ssh version is part of the protocol negotiation now due
to some unfortunate implementation choices when the protocol went
from version 1.0 to later versions, along with a good helping of
politics (ssh went non-free, openssh came along later, etc).
More information about the wellylug
mailing list