Full Disclosure mailing list archives

Re: SNMP Broadcasts
From: "J.A. Terranson" <measl () mfn org>
Date: Fri, 16 Jul 2004 15:06:53 -0500 (CDT)

On Fri, 16 Jul 2004, Barry Fitzgerald wrote:

> J.A. Terranson wrote:
>
>>> Oh, I get it.  So if root executes "sshd -p 45522"  --this is not
>>> *technically* ssh, right?
>>
>> If sshd is running on 45522 it's a back door Marty :-)  And no, in this
>> case, pedantic or not, it's not "ssh" as is commonly accepted.
>
> I disagree.  It may not be completely standard compliant (in so far as
> the standard assigns a common usage port), but it sure as hell is the
> SSH protocol.

Agreed.  It is the SSH protocol, but it is not the SSH *service*.  It
violates the standard (as you note).

If I write a trojan that uses HTTP to process requests, then park it on
31337, I do not have an HTTP serv(er|ice).  I have a trojan which happens
to use the HTTP protocol.

> When you say "that's running on this port, but it's not SSH" you're not
> sending the message to people that it's not SSH because it has to be
> compliant, you're sending the message to people that it's *not the SSH
> protocol at all*...

No, not at all.  There's a big difference between a *standardized service*
and its underlying protocols.  In order to be SSH, it must comply with
all of the standards for SSH.  Otherwise, you get a M$ Windows product.

> I think the fact that you're being pedantic with this issue confuses the

I understood that risk during the first post, and deliberately made note
of that.

> and is, pretty much, worthless.  No one, frankly, gives a sh*t if
> you consider it to not be SSH because it's not on the port that makes
> you happy

As a non member of the appropriate standards bodies, what I would like is
irrelevant.  If you assess a site, and report that they have ssh running
on port 31337, you are not providing factual data - you are providing an
uninformed opinion, which is *wrong*.

> Saying what you said above is counterproductive and will only serve to
> confuse people.  Perhaps you should ratchet up your pedantic nature and
> instead of saying that it's "not SSH because it's on the wrong port" say
> "it's non-compliant SSH because it's on the wrong port".

Except for you, I think everyone else *got* the point.

> Otherwise it's a case of the pot calling the kettle black.
>
>
> p.s. This is the end of that issue as far as I'm concerned.  If you
> continue to claim that it's "not the SSH protocol", you're just being
Then I'm being difficult.  But in the end, this is my attempt to realign
your thinking on it.  That you are immobile is not something I can help.


J.A. Terranson
sysadmin () mfn org

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
        - - -

  "There ought to be limits to freedom!"    George Bush
        - - -

Which one scares you more?

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
