Re: SNMP Broadcasts

["J.A. Terranson" <measl () mfn org>]

On Fri, 16 Jul 2004, Barry Fitzgerald wrote:

> J.A. Terranson wrote:
>
> > > Oh, I get it.  So if root executes "sshd -p 45522"  --this is not
> > > *technically* ssh, right?
> >
> > If sshd is running on 45522 it's a back door Marty :-)  And no, in this
> > case, pedantic or not, it's not "ssh" as is commonly accepted.

> I disagree.  It may not be completely standard compliant (in so far as
> the standard assigns a common usage port), but it sure as hell is the
> SSH protocol.

Agreed.  It is the SSH protocol, but it is not the SSH *service*.  It
violates the standard (as you note).

If I write a trojan that uses HTTP to process requests, then park it on
31337, I do not have an HTTP serv(er|ice).  I have a trojan which happens
to use the HTTP protocol.

> When you say "that's running on this port, but it's not SSH" you're not
> sending the message to people that it's not SSH because it has to be
> compliant, you're sending the message to people that it's *not the SSH
> protocol at all*...

No, not at all.  There's a big difference between a *standardized service*
and it's underlying protocols.  In order to be SSH, it must comply with
all of the standards for SSH.  Otherwise, you get a M$ Windows product.


> I think the fact that you're being pedantic with this issue confuses the
> point

I understood that risk during the first post, and deliberately made note
of that.

> and is, pretty much, worthless.  No one, frankly, gives a sh*t if
> you consider it to not be SSH because it's not on the port that makes
> you happy

As a non member of the appropriate standards bodies, what I would like is
irrelevant.  If you assess a site, and report that they have ssh running
on port 31337, you are not providing factual data - you are providing an
uninformed opinon, which is *wrong*.


> Saying what you said above is counterproductive and will only serve to
> confuse people.  Perhaps you should wratchet up your pedantic nature and
> instead of saying that it's "not SSH because it's on the wrong port" say
> "it's non-compliant SSH because it's on the wrong port".

Except for you, I think everyone else *got* the point.

> Otherwise it's a case of the pot calling the kettle black.
>
>           -Barry
>
> p.s. This is the end of that issue as far as I'm concerned.  If you
> continue to claim that it's "not the SSH protocol", you're just being
> difficult.

Then I'm being difficult.  But in the end, this is my attempt to realign
your thinking on it.  That you are immobile is not something I can help.

-- 
Yours,

J.A. Terranson
sysadmin () mfn org
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
        - - -

  "There aught to be limits to freedom!"    George Bush
        - - -

Which one scares you more?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html