Security Incidents mailing list archives

heads up: scanssh modifications made public
From: Jose Nazario <jose () monkey org>
Date: Wed, 10 Jul 2002 00:31:34 -0400 (EDT)

this is a heads up to the incidents people (and related @cert and @sans)
to let you know i have released some modifications i made to niels
provos' scanssh tool. i made the modifications last fall against version
1.2a of his scanssh code. the changes add scanning for telnetd and rshd,
in addition to sshd, to assist network administrators and authorized
personnel to more fully audit their login methods on their networks.

the biggest change i want people here to know about is the ssh version
string change:

        SSH-1.1-SSH_Telnet_RSH_Version_Mapper

if you see this it's a clear indication that this modified tool has been
used. it only looks for a valid connection, sends this string, and then
closes the connection. no other data is exchanged, nothing is logged aside
from the true or false for a connection for that IP.

thanks.

___________________________
jose nazario, ph.d.                     jose () monkey org
                                        http://www.monkey.org/~jose/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
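
Added example, not part of the original post or of scanssh: one way to search sshd logs for the version string quoted in the message and to see which sources presented it to more than one host. The syslog-style line layout, the host names and the addresses are constructed assumptions; adapt the patterns to whatever your daemon or sensor actually records.

```python
import re
from collections import defaultdict

# Version string announced by the modified scanner, as quoted in the post.
BANNER = "SSH-1.1-SSH_Telnet_RSH_Version_Mapper"
# Software part alone, so lines that log protocol and software separately match too.
SOFTWARE = BANNER.split("-", 2)[2]

# Assumed layout: "<month> <day> <time> <host> sshd[<pid>]: <message>"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+(?P<msg>.*)$"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample lines (documentation address ranges, invented hosts).
SAMPLE_LOG = [
    "Jul 10 00:31:40 hosta sshd[411]: connection from 192.0.2.10 port 4021, "
    "client banner SSH-1.1-SSH_Telnet_RSH_Version_Mapper",
    "Jul 10 00:31:41 hostb sshd[388]: connection from 192.0.2.10 port 4022, "
    "client banner SSH-1.1-SSH_Telnet_RSH_Version_Mapper",
    "Jul 10 00:32:02 hosta sshd[415]: connection from 198.51.100.7 port 1033, "
    "client banner SSH-2.0-OpenSSH_3.4",
    "Jul 10 00:33:15 hostc sshd[902]: client protocol 1.1, "
    "software SSH_Telnet_RSH_Version_Mapper, peer 203.0.113.5",
]


def find_scanner_hits(lines):
    """Return {source_ip: sorted logging hosts that recorded the banner}."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or SOFTWARE not in m.group("msg"):
            continue
        src = IPV4_RE.search(m.group("msg"))
        hits[src.group(0) if src else "unknown"].add(m.group("host"))
    return {ip: sorted(hosts) for ip, hosts in hits.items()}


def sweeping_sources(hits, min_hosts=2):
    """Sources whose banner was seen by at least min_hosts distinct hosts."""
    return sorted(ip for ip, hosts in hits.items() if len(hosts) >= min_hosts)


if __name__ == "__main__":
    found = find_scanner_hits(SAMPLE_LOG)
    for ip, hosts in sorted(found.items()):
        print(f"{ip}: banner seen on {', '.join(hosts)}")
    print("multi-host sources:", sweeping_sources(found))
```
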

