Re: SSH 2.4.0/3.0.1 usernames guessable ?

• Previous message: Marco van Berkum: "Re: SSH 2.4.0/3.0.1 usernames guessable ?"
• In reply to: Liran Cohen: "RE: SSH 2.4.0/3.0.1 usernames guessable ?"
• Next in thread: Marco van Berkum: "Re: SSH 2.4.0/3.0.1 usernames guessable ?"
• Next in thread: quentynat_private: "Re: SSH 2.4.0/3.0.1 usernames guessable ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Liran Cohen wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Well that is the case with most of the network applications except
> apache (the ones I encountered) , however there is tool called
> Languard port scanner which can show you host responses,(relly
> kneet), If it bothers you I'm sure you can always download the ssh
> source code and change that response (just search for the string....)
>

Sure, or try OpenSSH or SSH 3.0.1.
I'm still not entirely sure of 3.0.1, I hear some vuln, some not ??
Can someone doubletest this plz?

grtz,
Marco van Berkum
--
GCC dpu s:--- a- C+++ US++++ P++ L+++ E---- W N o-- K w---
O- M-- V-- PS+++ PE-- Y+ PGP--- t--- 5 X R* tv++ b+++ DI-- D----
G++ e- h+ r y*
+---------------------+------------------+-------------------+
|  Marco van Berkum   |   MB17300-RIPE   | Security Engineer |
|  http://ws.obit.nl  | "Chernobyl used  | Network Admin     |
|  m.v.berkumat_private |     Windows"     |      UNIX         |
+---------------------+------------------+-------------------+

• Next message: Marco van Berkum: "Re: SSH 2.4.0/3.0.1 usernames guessable ?"
• Previous message: Marco van Berkum: "Re: SSH 2.4.0/3.0.1 usernames guessable ?"
• In reply to: Liran Cohen: "RE: SSH 2.4.0/3.0.1 usernames guessable ?"
• Next in thread: Marco van Berkum: "Re: SSH 2.4.0/3.0.1 usernames guessable ?"
• Next in thread: quentynat_private: "Re: SSH 2.4.0/3.0.1 usernames guessable ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 08:38:31 PDT