
Re: [Full-Disclosure] SNMP Broadcasts



On Fri, 16 Jul 2004, Barry Fitzgerald wrote:

> J.A. Terranson wrote:
>
> >>Oh, I get it.  So if root executes "sshd -p 45522"  --this is not
> >>*technically* ssh, right?
> >>
> >>
> >
> >If sshd is running on 45522 it's a back door Marty :-)  And no, in this
> >case, pedantic or not, it's not "ssh" as is commonly accepted.

> I disagree.  It may not be completely standard compliant (in so far as
> the standard assigns a common usage port), but it sure as hell is the
> SSH protocol.

Agreed.  It is the SSH protocol, but it is not the SSH *service*.  It
violates the standard (as you note).

If I write a trojan that uses HTTP to process requests, then park it on
31337, I do not have an HTTP serv(er|ice).  I have a trojan which happens
to use the HTTP protocol.

> When you say "that's running on this port, but it's not SSH" you're not
> sending the message to people that it's not SSH because it has to be
> compliant, you're sending the message to people that it's *not the SSH
> protocol at all*...

No, not at all.  There's a big difference between a *standardized service*
and its underlying protocols.  In order to be SSH, it must comply with
all of the standards for SSH.  Otherwise, you get a M$ Windows product.


> I think the fact that you're being pedantic with this issue confuses the
> point

I understood that risk during the first post, and deliberately made note
of that.

> and is, pretty much, worthless.  No one, frankly, gives a sh*t if
> you consider it to not be SSH because it's not on the port that makes
> you happy

As a non-member of the appropriate standards bodies, what I would like is
irrelevant.  If you assess a site, and report that they have ssh running
on port 31337, you are not providing factual data - you are providing an
uninformed opinion, which is *wrong*.


> Saying what you said above is counterproductive and will only serve to
> confuse people.  Perhaps you should ratchet up your pedantic nature and
> instead of saying that it's "not SSH because it's on the wrong port" say
> "it's non-compliant SSH because it's on the wrong port".

Except for you, I think everyone else *got* the point.

> Otherwise it's a case of the pot calling the kettle black.
>
>           -Barry
>
> p.s. This is the end of that issue as far as I'm concerned.  If you
> continue to claim that it's "not the SSH protocol", you're just being
> difficult.

Then I'm being difficult.  But in the end, this is my attempt to realign
your thinking on it.  That you are immobile is not something I can help.

-- 
Yours,

J.A. Terranson
sysadmin@xxxxxxx
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
        - - -

  "There ought to be limits to freedom!"    George Bush
        - - -

Which one scares you more?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html