Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: SNMP Broadcasts
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Fri, 16 Jul 2004 16:31:56 -0400

J.A. Terranson wrote:

Agreed.  It is the SSH protocol, but it is not the SSH *service*.  It
violates the standard (as you note).

If I write a trojan that uses HTTP to process requests, then park it on
31337, I do not have an HTTP serv(er|ice).  I have a trojan which happens
to use the HTTP protocol.

Agreed to the example above as it's a trojan, not an HTTP server, but if you take Apache and assign it to port 8081, you do have an HTTP server running on that port. The distinction is one of intent and design, not technicality.

No, not at all.  There's a big difference between a *standardized service*
and it's underlying protocols.  In order to be SSH, it must comply with
all of the standards for SSH.  Otherwise, you get a M$ Windows product.

Yes, and not all standard subsections are of equal value. Making the distinction based on bound port is, frankly, stupid.

I understood that risk during the first post, and deliberately made note
of that.

So you knew you were wrong but said it anyway?

As a non member of the appropriate standards bodies, what I would like is
irrelevant.  If you assess a site, and report that they have ssh running
on port 31337, you are not providing factual data - you are providing an
uninformed opinon, which is *wrong*.

Actually, please point me to the SSH standard document and section that lists that sshd *must* run on TCP port 22 to be a valid SSH server. My point about standards compliance in the last mail made the assumption that bound port was defined at all in the standard. Doing a quick review of the IETF Secure Shell standard draft, I can't see any mention of it at all.

Barring your ability to provide this information, I'll accept your forfeit of the argument.

Saying what you said above is counterproductive and will only serve to
confuse people.  Perhaps you should wratchet up your pedantic nature and
instead of saying that it's "not SSH because it's on the wrong port" say
"it's non-compliant SSH because it's on the wrong port".

Except for you, I think everyone else *got* the point.
That's funny - other people are arguing against you on this issue.

Making yourself feel like the world is on your side may make you feel good... but you're not fooling me with a stupid remark like that.

Then I'm being difficult.  But in the end, this is my attempt to realign
your thinking on it.  That you are immobile is not something I can help.

I'm not the immobile one here.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]