On Wed, 2003-10-08 at 11:51, Renaud Deraison wrote:
> On Wed, Oct 08, 2003 at 11:44:10AM -0400, Christopher Harrington wrote:
> > All,
> >
> > I am getting false positives on SSH ports. I have a Cisco router using
> > SSH that is being identified as RPC service 1.5 and a Linux box running
> > SSH that is being identified as RPC 2.0. The plugin responsible for
> > both is #10336 according to the .nbe output file. I understand this to
> > be NMAP. So NMAP must be grabbing the banner. I am using NMAP verison
> > 3.45 and Nessus 2.0.7.
>
> Can you send us the exact extract from the report ?
Here is the router portion of the report. Something is really strange
here as the banner grabs are coming thru correctly. I am also getting
false positives for both RPC 1.5 and 2.0 on the same router.
If need be I can send you the NBE or HTML output from the test, or open
up the SSH port to your IP and see what you get for results.
Thanks for your help.
--Chris
Cisco 2600 router resluts for SSH scan.
ssh (22/tcp) Info Port is open general/udp
ssh (22/tcp) Low The RPC service protocol 1.5 is running on this
port. If you do not use it, disable it, as it is
a potential
security risk
ssh (22/tcp) Low The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH
protocol.
These protocols are not completely
cryptographically safe so they
should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to
'2'
If you use SSH.com's set the option
'Ssh1Compatibility' to 'no'
ssh (22/tcp) Low The RPC service protocol 2.0 is running on this
port
If you do not use it, disable it, as it is a potential security
risk
ssh (22/tcp) Low The remote SSH daemon supports the following
versions of the SSH protocol :
. 1.33
. 1.5
. 1.99
ssh (22/tcp) Low An ssh server is running on this port
ssh (22/tcp) Low Remote SSH version : SSH-1.5-Cisco-1.25
