Hi Darren -

> Why is it that knowing that it is OpenSSH at a specific version and
> patch level is okay but knowing that it is Sun's specific version and
> patch level is not ?

One of the most important pieces of information a hacker can have is the OS 
flavor and version of a remote host. Armed with this knowledge, a hacker can 
narrow his search for possible vulnerabilities to that specific operating 
system and version. An SSH ID string with OpenSSH does not give away the 
underlying OS of the target system. It might be Linux, BSD, System V, AIX, 
HPUX, Solaris or even Windows.

Do a search on "OS fingerprinting" and you'll find tools (checkos, nmap, etc.) 
which can determine a remote OS and version simply by observing the behavior of 
the networking stack. But with SunSSH, you don't even need any extra tools 
because the daemon itself betrays the host OS. When the string changes, it will 
become even easier to script a version-specific attack for the latest Solaris 
or the FTP, BIND, or other utilities that it installs (or includes on a 
companion CD).

Here are some articles on OS fingerprinting, why it's dangerous and how to try 
and mask it...
http://www.insecure.org/nmap/nmap-fingerprinting-article.html
http://www.sans.org/resources/idfaq/tcp_fingerprinting.php
http://www.usenix.org/publications/library/proceedings/sec2000/smart.html
Best regards,
mikebo
This message posted from opensolaris.org
_______________________________________________
opensolaris-discuss mailing list
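
An added example, not part of the original message: a small audit helper that parses SSH identification strings (the `SSH-protoversion-softwareversion SP comments` line defined in RFC 4253, section 4.2) collected from your own hosts and reports which ones name an operating system or vendor build. The `OS_TOKENS` list and the sample banners are constructed for illustration and are assumptions, not values from the thread.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

# Hypothetical keyword list (an assumption): substrings in the software or
# comments field that name an OS or a vendor-specific build.
OS_TOKENS = {
    "sun_ssh": "Solaris (vendor-specific daemon name)",
    "debian": "Debian",
    "ubuntu": "Ubuntu",
    "freebsd": "FreeBSD",
}


def parse_ident(line):
    """Split one identification line into proto / software / comments."""
    line = line.rstrip("\r\n")
    if len(line) > 253:  # RFC 4253 caps the line at 255 bytes including CR LF
        raise ValueError("identification string too long")
    match = IDENT_RE.match(line)
    if match is None:
        raise ValueError("not an SSH identification string: %r" % line)
    return match.groupdict()


def os_hints(line):
    """Return the OS labels that the identification string discloses."""
    ident = parse_ident(line)
    text = (ident["software"] + " " + (ident["comments"] or "")).lower()
    return sorted(label for token, label in OS_TOKENS.items() if token in text)


def audit(banners):
    """Map each host to its OS hints, keeping only hosts that disclose one."""
    findings = {host: os_hints(banner) for host, banner in banners.items()}
    return {host: hints for host, hints in findings.items() if hints}


if __name__ == "__main__":
    # Constructed sample banners, as they would be recorded from your own hosts.
    samples = {
        "host-a": "SSH-2.0-OpenSSH_9.6\r\n",
        "host-b": "SSH-2.0-Sun_SSH_1.1\r\n",
        "host-c": "SSH-2.0-OpenSSH_9.2p1 Debian-2\r\n",
    }
    for host, hints in audit(samples).items():
        print(host, "discloses:", ", ".join(hints))
```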