this is a heads up to the incidents people (and related cert and sans)
to let you know i have released some modifications i made to niels
provos' scanssh tool. i made the modifications last fall against version
1.2a of his scanssh code. the changes add scanning for telnetd and rshd,
in addition to sshd, to assist network administrators and authorized
personelle to more fully audit their login methods on their networks.

the biggest change i want people here to know about is the ssh version
string change:

        SSH-1.1-SSH_Telnet_RSH_Version_Mapper

if you see this its a clear indication that this modified tool has been
used. it only looks for a valid connection, sends this string, and then
closes the connection. no other data is exchanged, nothing is logged aside
from the true or false for a connection for that IP.

thanks.

___________________________
jose nazario, ph.d. josemonkey.org
                                        http://www.monkey.org/~jose/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]