[19130] in bugtraq


ssh protocol vulnerability scanning

daemon@ATHENA.MIT.EDU (Niels Provos)
Mon Feb 12 13:41:36 2001

Message-Id:  <20010211183805.5B0B3207C3@citi.umich.edu>
Date:         Sun, 11 Feb 2001 13:38:05 -0500
Reply-To: provos@CITI.UMICH.EDU
From: Niels Provos <provos@CITI.UMICH.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM

Hi,

recent security problems in ssh protocol implementations require that
vulnerable ssh protocol servers be upgraded.  As an administrator of a
large network, it can be difficult to efficiently determine which
implementations of the ssh protocols are running on a network.

To solve this problem, I wrote the ScanSSH protocol scanner.  It
supports very fast and flexible scanning of large networks.

You can obtain the latest version from

   http://www.monkey.org/~provos/scanssh/

The ScanSSH protocol scanner is distributed under a BSD-license and
completely free for any use including commercial.  It has the
following features:

        - fast scanning of large networks
        - unique random address generation
        - network exclusion lists

The resulting output contains the version of the running ssh protocol
servers:

10.1.12.23 <timeout>
10.1.90.80 SSH-1.5-OpenSSH_2.3.2
10.1.87.85 SSH-1.5-1.2.27
10.1.35.139 <timeout>
10.1.11.92 <timeout>
10.1.84.7 SSH-1.5-OpenSSH_2.3.0
10.1.19.41 SSH-1.5-1.2.26
10.1.29.65 SSH-1.5-OpenSSH_2.3.2
10.1.14.1 SSH-1.5-OpenSSH_2.3.2
10.1.15.71 SSH-1.5-1.2.26

If you are responsible for a large network, this tool allows you to
scan your network frequently.  After scanning, for example, the output
can be piped through

    | grep -i ssh | grep -v "OpenSSH_2.3.[02]"

to find ssh protocol servers that need to be upgraded.

Regards,
 Niels Provos.
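
The grep filter above, generalized as an added example (not part of the original post and not ScanSSH code): a Python triage of the scanner's output that groups hosts needing an upgrade by software version and keeps timeouts and non-SSH responses visible instead of discarding them. The `APPROVED` set, the `triage` function and the last sample line are assumptions made for illustration.

```python
import re

# Sample lines taken from the post's output; the last line is constructed
# to represent a non-SSH service answering on the scanned port.
SAMPLE = """\
10.1.12.23 <timeout>
10.1.90.80 SSH-1.5-OpenSSH_2.3.2
10.1.87.85 SSH-1.5-1.2.27
10.1.84.7 SSH-1.5-OpenSSH_2.3.0
10.1.19.41 SSH-1.5-1.2.26
10.1.15.71 SSH-1.5-1.2.26
10.1.99.9 220 mail.example ESMTP
"""

# Banner layout seen in the output: SSH-<protocol version>-<software version>
BANNER = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)")

# Assumption: the same versions the post's grep filter treats as up to date.
APPROVED = frozenset({"OpenSSH_2.3.0", "OpenSSH_2.3.2"})


def triage(scan_output, approved=APPROVED):
    """Sort scan lines into upgrade (by software), ok, unreachable, unparsed."""
    report = {"upgrade": {}, "ok": [], "unreachable": [], "unparsed": []}
    for raw in scan_output.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Split on any whitespace; a line with no banner yields "".
        host, banner = (line.split(None, 1) + [""])[:2]
        match = BANNER.match(banner)
        if banner == "<timeout>":
            report["unreachable"].append(host)
        elif match is None:
            # Not an SSH banner: keep it for review instead of dropping it.
            report["unparsed"].append(line)
        elif match.group("software") in approved:
            # Exact match on the whole version string, not a substring.
            report["ok"].append(host)
        else:
            report["upgrade"].setdefault(match.group("software"), []).append(host)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    for software, hosts in sorted(result["upgrade"].items()):
        print(f"upgrade {software}: {', '.join(hosts)}")
    print("unreachable:", ", ".join(result["unreachable"]))
    print("unparsed:", *result["unparsed"], sep="\n  ")
```

Hosts listed as unreachable were not checked at all, so they belong on the rescan list rather than the compliant one.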
