Message-Id: <200102121808.NAA11085@tiramisu.lcs.mit.edu>
To: security-internal@mit.edu
Subject: Niels Provos: [BUGTRAQ] ssh protocol vulnerability scanning
Date: Mon, 12 Feb 2001 13:08:04 EST
From: Kevin Fu <fubob@MIT.EDU>

This may be of interest.

BTW, if you want to meet Niels, he's staying at my place March
10-13.  Dug Song may or may not be here too.

--------
Kevin E. Fu (fubob@mit.edu)
PGP key: https://snafu.fooworld.org/~fubob/pgp.html

------- Forwarded Message
Date:         Sun, 11 Feb 2001 13:38:05 -0500
Reply-To: provos@CITI.UMICH.EDU
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Niels Provos <provos@CITI.UMICH.EDU>
Subject:      [BUGTRAQ] ssh protocol vulnerability scanning
To: BUGTRAQ@SECURITYFOCUS.COM

Hi,

Recent security problems in ssh protocol implementations require that
vulnerable ssh protocol servers be upgraded.  As an administrator of a
large network, it can be difficult to efficiently determine which
implementations of the ssh protocols are running on a network.

To solve this problem, I wrote the ScanSSH protocol scanner.  It
supports very fast and flexible scanning of large networks.

You can obtain the latest version from

   http://www.monkey.org/~provos/scanssh/

The ScanSSH protocol scanner is distributed under a BSD license and is
completely free for any use, including commercial use.  It has the
following features:

        - fast scanning of large networks
        - unique random address generation
        - network exclusion lists

The resulting output contains the version of the running ssh protocol
servers:

10.1.12.23 <timeout>
10.1.90.80 SSH-1.5-OpenSSH_2.3.2
10.1.87.85 SSH-1.5-1.2.27
10.1.35.139 <timeout>
10.1.11.92 <timeout>
10.1.84.7 SSH-1.5-OpenSSH_2.3.0
10.1.19.41 SSH-1.5-1.2.26
10.1.29.65 SSH-1.5-OpenSSH_2.3.2
10.1.14.1 SSH-1.5-OpenSSH_2.3.2
10.1.15.71 SSH-1.5-1.2.26

If you are responsible for a large network, this tool allows you to
scan your network frequently.  After scanning, for example, the output
can be piped through

    | grep -i ssh | grep -v "OpenSSH_2\.3\.[02]"

to find ssh protocol servers that need to be upgraded.

Regards,
 Niels Provos.

------- End of Forwarded Message
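
The filtering step described in the forwarded message, as an added example that is not part of the original mail or of ScanSSH itself: it parses the "address banner" output format shown above and lists answering servers whose software string is not on an accepted list. The function names, the ACCEPTED variable and the sample lines are assumptions made for illustration; the accepted pattern is taken from the grep filter in the message and is anchored so that a longer version string cannot match by prefix.

```shell
#!/bin/sh
# Triage ScanSSH-style output: one "<address> <banner>" pair per line.
# ACCEPTED mirrors the versions excluded by the grep filter in the message
# (assumption: adjust it to whatever your site currently accepts).
ACCEPTED='^OpenSSH_2[.]3[.][02]$'

# Constructed sample input in the output format shown in the message.
# The last banner is made up to show why the pattern is anchored.
sample_scan() {
cat <<'EOF'
10.1.12.23 <timeout>
10.1.90.80 SSH-1.5-OpenSSH_2.3.2
10.1.87.85 SSH-1.5-1.2.27
10.1.84.7 SSH-1.5-OpenSSH_2.3.0
10.1.19.41 SSH-1.5-1.2.26
10.1.20.5 SSH-1.99-OpenSSH_2.3.20
EOF
}

# needs_upgrade: read scan lines on stdin and print "address protocol software"
# for every answering server whose software string is not accepted.
needs_upgrade() {
    awk -v ok="$ACCEPTED" '
        $2 !~ /^SSH-/ { next }          # skip <timeout> and other non-banners
        {
            banner = $2
            sub(/^SSH-/, "", banner)    # leaves "<protocol>-<software>"
            dash = index(banner, "-")
            if (dash == 0) { print $1, banner, "unknown"; next }
            proto = substr(banner, 1, dash - 1)
            soft  = substr(banner, dash + 1)
            if (soft !~ ok) print $1, proto, soft
        }'
}

# summary: count hosts per software string, plus addresses with no banner.
summary() {
    awk '
        $2 ~ /^SSH-/ { s = $2; sub(/^SSH-[^-]*-/, "", s); n[s]++; next }
        { silent++ }
        END { for (s in n) print n[s], s; print silent + 0, "<no banner>" }'
}

sample_scan | needs_upgrade
```

Addresses counted under "<no banner>" did not answer during the scan, so they are unknown rather than clean and belong in the next scan pass.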

