On Mon, 2003-06-16 at 23:32, Tomasz Papszun wrote:
On Mon, 16 Jun 2003 at 14:26:33 +0200, Stefan Neufeind wrote:
On 16 Jun 2003 at 7:00, Halil Demirezen wrote:
To be brief, I don't usually come accross that there is an exploit for
only effective to debian boxes. Plus, There are lots of
On Tue, 17 Jun 2003 at 11:56:36PM +1000, Mark Devin wrote:
I was going to say exactly this earlier in the thread. I put this in My
Apache config quite some time ago when I realised I could. There should
be something similar in the sshd_config in my opinion.
File a wishlist bug with the ssh
Hi,
On Tue Jun 17, 2003 at 10:44:01 -0400, Phillip Hofmeister wrote:
On Tue, 17 Jun 2003 at 11:56:36PM +1000, Mark Devin wrote:
I was going to say exactly this earlier in the thread. I put this
in My
Apache config quite some time ago when I realised I could. There
should
be something
On Mon, 2003-06-16 at 23:32, Tomasz Papszun wrote:
On Mon, 16 Jun 2003 at 14:26:33 +0200, Stefan Neufeind wrote:
On 16 Jun 2003 at 7:00, Halil Demirezen wrote:
To be brief, I don't usually come accross that there is an exploit for
only effective to debian boxes. Plus, There are lots of
On Tue, 17 Jun 2003 at 11:56:36PM +1000, Mark Devin wrote:
I was going to say exactly this earlier in the thread. I put this in My
Apache config quite some time ago when I realised I could. There should
be something similar in the sshd_config in my opinion.
File a wishlist bug with the ssh
Hi,
On Tue Jun 17, 2003 at 10:44:01 -0400, Phillip Hofmeister wrote:
On Tue, 17 Jun 2003 at 11:56:36PM +1000, Mark Devin wrote:
I was going to say exactly this earlier in the thread. I put this
in My
Apache config quite some time ago when I realised I could. There
should
be something
Mark Devin [EMAIL PROTECTED] writes:
On Mon, 2003-06-16 at 23:32, Tomasz Papszun wrote:
ServerTokens ProductOnly
ServerSignature Off
I was going to say exactly this earlier in the thread. I put this in My
Apache config quite some time ago when I realised I could. There should
be
maybe someone's using scanssh ?
apt-cache show scanssh
- Original Message -
From: Halil Demirezen [EMAIL PROTECTED]
To: TiM [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, June 16, 2003 11:00 AM
Subject: Re: Someone scanned my ssh daemon
--
To UNSUBSCRIBE, email to [EMAIL
On Mon, 16 Jun 2003 at 14:26:33 +0200, Stefan Neufeind wrote:
On 16 Jun 2003 at 7:00, Halil Demirezen wrote:
To be brief, I don't usually come accross that there is an exploit for
only effective to debian boxes. Plus, There are lots of ways to learn
what distribution you are running on
On Mon, 16 Jun 2003 15:20:56 +1200 (NZST)
TiM [EMAIL PROTECTED] wrote:
But if the kiddies only have an exploit that works only on Debian woody,
they're going to know to target my box.
Make them work for their information :)
The likelyhood of them even attempting to get that information is tiny
My Debian box:
Connection closed by foreign host.
[EMAIL PROTECTED]:~ telnet xx.com 22
Trying 203.167.224....
Connected to xx.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
To be brief, I don't usually come accross that there is an exploit
for only
maybe someone's using scanssh ?
apt-cache show scanssh
- Original Message -
From: Halil Demirezen [EMAIL PROTECTED]
To: TiM [EMAIL PROTECTED]
Cc: debian-security@lists.debian.org
Sent: Monday, June 16, 2003 11:00 AM
Subject: Re: Someone scanned my ssh daemon
On 16 Jun 2003 at 7:00, Halil Demirezen wrote:
My Debian box:
Connection closed by foreign host.
[EMAIL PROTECTED]:~ telnet xx.com 22
Trying 203.167.224....
Connected to xx.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
To be brief, I don't
On Mon, 16 Jun 2003 at 14:26:33 +0200, Stefan Neufeind wrote:
On 16 Jun 2003 at 7:00, Halil Demirezen wrote:
To be brief, I don't usually come accross that there is an exploit for
only effective to debian boxes. Plus, There are lots of ways to learn
what distribution you are running on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It looks as though someone is trying to crack my box through ssh. This
is what logcheck emailed me:
- -- snip --
Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
Jun 16 04:36:03 jack sshd[20027]: Connection from
Quoting Mark Devin [EMAIL PROTECTED]:
Hash: SHA1
It looks as though someone is trying to crack my box through ssh. This
is what logcheck emailed me:
- -- snip --
Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
Jun 16 04:36:03 jack sshd[20027]: Connection from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark Devin wrote:
| It looks as though someone is trying to crack my box through ssh.
OK, now I realise that it is an ssh scanner.
See: http://www.monkey.org/~provos/scanssh/
Why is it that the Debian version of sshd gives out any information
about its
On Mon, 16 Jun 2003 09:05:20 +1000
Mark Devin [EMAIL PROTECTED] wrote:
Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810
Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with
I really wouldn't worry about your verison number being leaked. If an
attacker wants to crack your machine, they are just going to try running
an exploit against it. Why bother testing the version number when it
(often) takes less time to just try the attack?
I suppose one reason to hide the
On Mon, Jun 16, 2003 at 10:08:41AM +1000, Mark Devin wrote:
So they know that I am running debian and what version of ssh I use! I
know that security through obscurity is no security, but I still don't
want to help any attackers. Anyone else have thoughts on this?
It is necessary so that the
is what logcheck emailed me:
- -- snip --
Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810
Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with
SSH-1.0-SSH_Version_Mapper.
I don't like the fact it has to give away I'm running Debian.
For example:
My Slackware box:
[EMAIL PROTECTED]:~ telnet x.tsnz.net 22
Trying 203.97.131.xxx...
Connected to x.tsnz.net.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p1
My Debian box:
Connection closed by foreign host.
On Mon, 16 Jun 2003 15:20:56 +1200 (NZST)
TiM [EMAIL PROTECTED] wrote:
But if the kiddies only have an exploit that works only on Debian woody,
they're going to know to target my box.
Make them work for their information :)
The likelyhood of them even attempting to get that information is tiny
My Debian box:
Connection closed by foreign host.
[EMAIL PROTECTED]:~ telnet xx.com 22
Trying 203.167.224....
Connected to xx.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
To be brief, I don't usually come accross that there is an exploit
for only
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It looks as though someone is trying to crack my box through ssh. This
is what logcheck emailed me:
- -- snip --
Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
Jun 16 04:36:03 jack sshd[20027]: Connection from
Quoting Mark Devin [EMAIL PROTECTED]:
Hash: SHA1
It looks as though someone is trying to crack my box through ssh. This
is what logcheck emailed me:
- -- snip --
Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
Jun 16 04:36:03 jack sshd[20027]: Connection from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark Devin wrote:
| It looks as though someone is trying to crack my box through ssh.
OK, now I realise that it is an ssh scanner.
See: http://www.monkey.org/~provos/scanssh/
Why is it that the Debian version of sshd gives out any information
about
On Mon, 16 Jun 2003 09:05:20 +1000
Mark Devin [EMAIL PROTECTED] wrote:
Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810
Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with
I really wouldn't worry about your verison number being leaked. If an
attacker wants to crack your machine, they are just going to try running
an exploit against it. Why bother testing the version number when it
(often) takes less time to just try the attack?
I suppose one reason to hide the
On Mon, Jun 16, 2003 at 10:08:41AM +1000, Mark Devin wrote:
So they know that I am running debian and what version of ssh I use! I
know that security through obscurity is no security, but I still don't
want to help any attackers. Anyone else have thoughts on this?
It is necessary so that the
is what logcheck emailed me:
- -- snip --
Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810
Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with
SSH-1.0-SSH_Version_Mapper.
I don't like the fact it has to give away I'm running Debian.
For example:
My Slackware box:
[EMAIL PROTECTED]:~ telnet x.tsnz.net 22
Trying 203.97.131.xxx...
Connected to x.tsnz.net.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p1
My Debian box:
Connection closed by foreign host.
32 matches
Mail list logo