[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] SNMP Broadcasts
- To: "J.A. Terranson" <measl@xxxxxxx>
- Subject: Re: [Full-Disclosure] SNMP Broadcasts
- From: Barry Fitzgerald <bkfsec@xxxxxxxxxxxxxxxx>
- Date: Fri, 16 Jul 2004 16:31:56 -0400
J.A. Terranson wrote:
Agreed. It is the SSH protocol, but it is not the SSH *service*. It
violates the standard (as you note).
If I write a trojan that uses HTTP to process requests, then park it on
31337, I do not have an HTTP serv(er|ice). I have a trojan which happens
to use the HTTP protocol.
Agreed to the example above as it's a trojan, not an HTTP server, but if
you take Apache and assign it to port 8081, you do have an HTTP server
running on that port. The distinction is one of intent and design, not
technicality.
No, not at all. There's a big difference between a *standardized service*
and it's underlying protocols. In order to be SSH, it must comply with
all of the standards for SSH. Otherwise, you get a M$ Windows product.
Yes, and not all standard subsections are of equal value. Making the
distinction based on bound port is, frankly, stupid.
I understood that risk during the first post, and deliberately made note
of that.
So you knew you were wrong but said it anyway?
As a non member of the appropriate standards bodies, what I would like is
irrelevant. If you assess a site, and report that they have ssh running
on port 31337, you are not providing factual data - you are providing an
uninformed opinon, which is *wrong*.
Actually, please point me to the SSH standard document and section that
lists that sshd *must* run on TCP port 22 to be a valid SSH server.
My point about standards compliance in the last mail made the assumption
that bound port was defined at all in the standard. Doing a quick
review of the IETF Secure Shell standard draft, I can't see any mention
of it at all.
Barring your ability to provide this information, I'll accept your
forfeit of the argument.
Saying what you said above is counterproductive and will only serve to
confuse people. Perhaps you should wratchet up your pedantic nature and
instead of saying that it's "not SSH because it's on the wrong port" say
"it's non-compliant SSH because it's on the wrong port".
Except for you, I think everyone else *got* the point.
That's funny - other people are arguing against you on this issue.
Making yourself feel like the world is on your side may make you feel
good... but you're not fooling me with a stupid remark like that.
Then I'm being difficult. But in the end, this is my attempt to realign
your thinking on it. That you are immobile is not something I can help.
I'm not the immobile one here.
-Barry
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html