Message-ID: <20040716145756.E20266@ubzr.zsa.bet>
From: measl at mfn.org (J.A. Terranson)
Subject: SNMP Broadcasts

On Fri, 16 Jul 2004, Barry Fitzgerald wrote:

> J.A. Terranson wrote:
>
> >>Oh, I get it.  So if root executes "sshd -p 45522"  --this is not
> >>*technically* ssh, right?
> >>
> >>
> >
> >If sshd is running on 45522 it's a back door Marty :-)  And no, in this
> >case, pedantic or not, it's not "ssh" as is commonly accepted.

> I disagree.  It may not be completely standard compliant (in so far as
> the standard assigns a common usage port), but it sure as hell is the
> SSH protocol.

Agreed.  It is the SSH protocol, but it is not the SSH *service*.  It
violates the standard (as you note).

If I write a trojan that uses HTTP to process requests, then park it on
31337, I do not have an HTTP serv(er|ice).  I have a trojan which happens
to use the HTTP protocol.

> When you say "that's running on this port, but it's not SSH" you're not
> sending the message to people that it's not SSH because it has to be
> compliant, you're sending the message to people that it's *not the SSH
> protocol at all*...

No, not at all.  There's a big difference between a *standardized service*
and its underlying protocols.  In order to be SSH, it must comply with
all of the standards for SSH.  Otherwise, you get a M$ Windows product.


> I think the fact that you're being pedantic with this issue confuses the
> point

I understood that risk during the first post, and deliberately made note
of that.

> and is, pretty much, worthless.  No one, frankly, gives a sh*t if
> you consider it to not be SSH because it's not on the port that makes
> you happy

As a non-member of the appropriate standards bodies, what I would like is
irrelevant.  If you assess a site, and report that they have ssh running
on port 31337, you are not providing factual data - you are providing an
uninformed opinion, which is *wrong*.


> Saying what you said above is counterproductive and will only serve to
> confuse people.  Perhaps you should ratchet up your pedantic nature and
> instead of saying that it's "not SSH because it's on the wrong port" say
> "it's non-compliant SSH because it's on the wrong port".

Except for you, I think everyone else *got* the point.

> Otherwise it's a case of the pot calling the kettle black.
>
>           -Barry
>
> p.s. This is the end of that issue as far as I'm concerned.  If you
> continue to claim that it's "not the SSH protocol", you're just being
> difficult.

Then I'm being difficult.  But in the end, this is my attempt to realign
your thinking on it.  That you are immobile is not something I can help.

-- 
Yours,

J.A. Terranson
sysadmin@....org
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
	- - -

  "There ought to be limits to freedom!"    George Bush
	- - -

Which one scares you more?

