On Wed, 2004-01-14 at 11:08, Guy Van Sanden wrote: > On Wed, 2004-01-14 at 11:49, Greg Bolshaw wrote: > > On Tue, 2004-01-13 at 20:11, gabriel wrote: > > > i'm working on a linux box here @work that's running a little-known distro > > > called "neos" and i'm trying to determine if the ssh daemon that's running on > > > it is free of all the scary bugs that have appeared over the last year. > > > > Probably best to install Nessus (http://www.nessus.org/) or similar and > > scan for vulns in the SSH daemon. > > Nessus only checks the version string to check if a daemon is > vulnerable.
Nessus *does* check the version string, but only to provide it for your information. It will try to exploit all known bugs in sshd. In my opinion, this is the only way to be certain you're not vulnerable. Search for "ssh" at http://cgi.nessus.org/plugins/search.html to see a list of the vulns that will be identified. -- Kind regards Greg Bolshaw Consultant Linux Technologies http://www.linuxtechnologies.co.uk/
signature.asc
Description: This is a digitally signed message part
