From owner-freebsd-stable Fri Mar 23 20:36:47 2001 Delivered-To: freebsd-stable@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-43.dsl.lsan03.pacbell.net [63.207.60.43]) by hub.freebsd.org (Postfix) with ESMTP id 5C4D837B719 for ; Fri, 23 Mar 2001 20:36:44 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id C008466C3B; Fri, 23 Mar 2001 20:36:43 -0800 (PST) Date: Fri, 23 Mar 2001 20:36:43 -0800 From: Kris Kennaway To: "Duwde (Fabio V. Dias)" Cc: freebsd-stable@FreeBSD.ORG Subject: Re: sshd revealing too much stuff. Message-ID: <20010323203643.A28772@xor.obsecurity.org> References: <3ABC1CE3.F9486F2D@duwde.com.br> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="mP3DRpeJDSE+ciuQ" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3ABC1CE3.F9486F2D@duwde.com.br>; from duwde@duwde.com.br on Sat, Mar 24, 2001 at 01:04:52AM -0300 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --mP3DRpeJDSE+ciuQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sat, Mar 24, 2001 at 01:04:52AM -0300, Duwde (Fabio V. Dias) wrote: > Why this "green@FreeBSD.org 20010321" has been added ? To indicate that it's not stock OpenSSH 2.3.0 and therefore doesn't have the security problems which the stock OpenSSH 2.3.0 has. > With that, there is no need for OS Fingerprinting. > You've got the OS that the host is running AND > its sshd EXACT date of last modification by freebsd team. Sorry, but I find it difficult to consider this a problem..OS fingerprinting is trivial in so many ways. Kris --mP3DRpeJDSE+ciuQ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6vCRbWry0BWjoQKURAqfnAJ4vQU+rpykl21jNFxYSbvE/rNs4KgCgnjbV GcjDvHS8Ef05HmzNoqPr3e0= =80PU -----END PGP SIGNATURE----- --mP3DRpeJDSE+ciuQ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message