Hi
Since you are talking about all this ... What's the best way to see if your
machine has been scanned? Just look at the logs? Are there any GNU or
OpenSource tools to check this out? We are running some Linux (redhat and
slackware) and some Sun SparcStations ... I work at a non-for-profit
organization, so we cannot afford any commercial tool...
Thanks and excuse this a-little-off-topic-question ... :-)
/B
Bruno Mattarollo <[EMAIL PROTECTED]>
... proud to be a PSA member <http://www.python.org/psa>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott
> Adkins
> Sent: Tuesday, April 13, 1999 9:19 AM
> To: SSH Mailing List
> Subject: Re: Scaning of sshd
>
>
> James Thompson writes:
> > On Mon, 12 Apr 1999, Chuck Milam wrote:
> > >
> > > Find out what services each machine is running, and then
> begin trying out
> > > known exploits for the services that were discovered.
> > >
> >
> > That's what bothers me. There aren't any know exploits for any remotely
> > recent sshd. Are there?
>
> The point Chuck was trying to make is that scanners typically
> scan all the
> ports of a machine below 1024, determine what services are on the
> ports that
> actually have something and then go from there. It isn't
> uncommon for admins
> to move services around, such as ssh to some other port or whatever... so,
> there is no reason to exclude port 22 because it is "commonly"
> used for ssh.
> If they discover ssh running on port 22, it is simply more
> information for
> them about your machine, that is all.
>
> Scott
> --
>
> +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-
> =-=-=-=-=-+
> Scott W. Adkins
http://www.cns.ohiou.edu/~sadkins/
(740)593-9478 mailto:[EMAIL PROTECTED]
+-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-
+
CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979
