RE: [Full-Disclosure] SNMP Broadcasts

2004-07-19 Thread Yaakov Yehudi
smime.p7m Description: S/MIME encrypted message

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-19 Thread Barry Fitzgerald
J.A. Terranson wrote: We are just going to have to agree to disagree, since neither of our camps seems willing to move, and really, this is getting pointless: to make further [rehash] arguments likely won't help. We have divergent world views, and likely different foundational indoctrination which r

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-16 Thread tshilson
<...snip...> > > you're just being > > difficult. > > Then I'm being difficult. <...snip...> Pedantic may be a better word, but in any case I think that we have reached the point that further discussion will be unproductive. tom of the Sweetwater Sea ___

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-16 Thread Mohit Muthanna
> No, not at all. There's a big difference between a *standardized service* > and its underlying protocols. In order to be SSH, it must comply with > all of the standards for SSH. Otherwise, you get a M$ Windows product. I was trying to stay away from this thread, but anyhow: If you've ever r

RE: [Full-Disclosure] SNMP Broadcasts

2004-07-16 Thread Stephen Blass
>Actually, please point me to the SSH standard document and section that lists that >sshd *must* run on TCP port 22 to be a valid SSH server. It doesn't. It (http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-18.txt) says "4.1 Use over TCP/IP When used over TCP/IP, the server

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-16 Thread J.A. Terranson
We are just going to have to agree to disagree, since neither of our camps seems willing to move, and really, this is getting pointless: to make further [rehash] arguments likely won't help. We have divergent world views, and likely different foundational indoctrination which render this an unpro

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-16 Thread Barry Fitzgerald
J.A. Terranson wrote: Agreed. It is the SSH protocol, but it is not the SSH *service*. It violates the standard (as you note). If I write a trojan that uses HTTP to process requests, then park it on 31337, I do not have an HTTP serv(er|ice). I have a trojan which happens to use the HTTP protocol

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-16 Thread J.A. Terranson
On Fri, 16 Jul 2004, Barry Fitzgerald wrote: > J.A. Terranson wrote: > > >>Oh, I get it. So if root executes "sshd -p 45522" --this is not > >>*technically* ssh, right? > >> > >> > > > >If sshd is running on 45522 it's a back door Marty :-) And no, in this > >case, pedantic or not, it's not "s

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-16 Thread Barry Fitzgerald
J.A. Terranson wrote: Oh, I get it. So if root executes "sshd -p 45522" --this is not *technically* ssh, right? If sshd is running on 45522 it's a back door Marty :-) And no, in this case, pedantic or not, it's not "ssh" as is commonly accepted. (Responding to essentially the only on-top

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-15 Thread tshilson
I am a newbie, but a few thoughts occur to me: First is that my emailer doesn't handle this well at all. More Below: [signature deleted] [EMAIL PROTECTED] wrote on 07/15/2004 04:36:29 PM: <...snip...> > let's note that you are the only MCSE here. How do you know> I *could* be an MCSE.

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-15 Thread J.A. Terranson
On Thu, 15 Jul 2004, Martin Wasson wrote: > From: Martin Wasson <[EMAIL PROTECTED]> ^^ What's stopping you from using your, um, more common address? > >>This is not, *technically* SNMP, as it is not using its assigned ports. > >>This is a variant,

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-15 Thread Martin Wasson
>>This is not, *technically* SNMP, as it is not using its assigned ports. >>This is a variant, and interestingly, that port is assigned to >> >> empire-empuma 1691/tcp empire-empuma >> empire-empuma 1691/udp empire-empuma >> >>Unless Sysedge is the descendant o

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-14 Thread Mohit Muthanna
>> Not much you can do to stop the >> portscans. > Like hell there isn't. F-I-R-E-W-A-L-L. Agreed... they "block" the port scans... but they don't "stop" it (which was my point). The portscans will continue for as long as the trojan/scanner/scumoftheearth is running. > > > SNMP goes to ports 16

Re: [Full-Disclosure] SNMP Broadcasts (fwd)

2004-07-14 Thread J.A. Terranson
On Wed, 14 Jul 2004, Mohit Muthanna wrote: > > > Subject: [Full-Disclosure] SNMP Broadcasts > > > > SNMP doesn't "broadcast" > > Sure it does. Most older "default" SNMP devices broadcast traps. This > is so that any SNMP manager on the network can collect the traps for a > specified SNMP community

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-14 Thread Mohit Muthanna
> > Subject: [Full-Disclosure] SNMP Broadcasts > > SNMP doesn't "broadcast" Sure it does. Most older "default" SNMP devices broadcast traps. This is so that any SNMP manager on the network can collect the traps for a specified SNMP community. This is also so that the SNMP enabled device can just be

Re: [Full-Disclosure] SNMP Broadcasts

2004-07-13 Thread J.A. Terranson
On Tue, 13 Jul 2004, BillyBob wrote: > From: BillyBob <[EMAIL PROTECTED]> Hello Mr. Knob, > Subject: [Full-Disclosure] SNMP Broadcasts SNMP doesn't "broadcast" > For the past 12 hours my external IP has been bombarded with SNMP "Bombarded"? Below you state it was only "several per second".

[Full-Disclosure] SNMP Broadcasts

2004-07-13 Thread BillyBob
For the past 12 hours my external IP has been bombarded with SNMP Broadcasts, I have sent complaints to my ISP and the ISP of the originating IP. The attacking IP must have some sort of worm or automated script to go through all the port numbers as his remote port starts at 60001 and goes up to 640