-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well that is the case with most of the network applications except apache (the ones I encountered) , however there is tool called Languard port scanner which can show you host responses,(relly kneet), If it bothers you I'm sure you can always download the ssh source code and change that response (just search for the string....) TheOg Liran Cohen e-mail:LiranCat_private Tel. office:+972-9-9709387 FAX.:+972-9-9709365 Tel. mobile:+972-54-898817 - -----Original Message----- From: quentynat_private [mailto:quentynat_private] Sent: Monday, September 03, 2001 6:53 PM To: m.v.berkumat_private Cc: vuln Subject: Re: SSH 2.4.0/3.0.1 usernames guessable ? This does appear to be the default in both configs I saw this in ssh2.40 an assumed that I was going mad ;o) (then promptly forgot about it) I can confirm your results in rh 6.2 - 7.1 you could set PasswordGuesses 3 to 1 (annoying) in the /etc/sshd2/sshd_config I would report this to the people at ssh.com as they will respond (in my experience) quickly Q - -- ##################### Quentyn Taylor Sysadmin - Fotango ##################### "Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind- boggling amounts of excrement when you least expect it." Gene "spaf" Spafford (1992) -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO5SoqyXZhGjHgDflEQJL0wCg1+l4lhW7Rp8G6UWhYqyOKd2AhIEAoOcU n7QiDmStlHG7IayMlqIrSNYU =evV0 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 08:36:07 PDT