diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-03-18 23:30:56 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2001-03-18 23:30:56 +0000 |
| commit | 08e936ba06f336988b41f4cd5a04479655d34ab3 (patch) | |
| tree | dcc675d21ffedaa9844f5de16d0ec7e1e5ec18ef | |
| parent | 9136b3024c220bb437eb2b36de6f1f97d0e556fc (diff) | |
specifically version match on ssh scanners. do not log scan information
to the console, because clueless users freak out when people do completely
legal probes. instead, generate a detailed log file entry and use british
humour to relax their sphincters a little bit.
| -rw-r--r-- | usr.bin/ssh/compat.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/compat.h | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd.c | 8 |
3 files changed, 12 insertions, 3 deletions
diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c index 16c5c926814..bb7c9c927f3 100644 --- a/usr.bin/ssh/compat.c +++ b/usr.bin/ssh/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.38 2001/03/10 15:31:00 deraadt Exp $"); +RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $"); #include <regex.h> @@ -89,6 +89,8 @@ compat_datafellows(const char *version) { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, { "^OSU_1\\.5alpha[1-3]", SSH_BUG_PASSWORDPAD }, + { "^SSH_Version_Mapper", + SSH_BUG_SCANNER }, { NULL, 0 } }; /* process table, return first match */ diff --git a/usr.bin/ssh/compat.h b/usr.bin/ssh/compat.h index a1fdbe764b7..41d6af0fb7c 100644 --- a/usr.bin/ssh/compat.h +++ b/usr.bin/ssh/compat.h @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: compat.h,v 1.17 2001/03/10 15:31:00 deraadt Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -42,6 +42,7 @@ #define SSH_BUG_IGNOREMSG 0x0100 #define SSH_BUG_PKOK 0x0200 #define SSH_BUG_PASSWORDPAD 0x0400 +#define SSH_BUG_SCANNER 0x0800 void enable_compat13(void); void enable_compat20(void); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 26b2d3a330a..0a38665ee13 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.174 2001/03/09 12:30:29 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.175 2001/03/18 23:30:55 deraadt Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -372,6 +372,12 @@ sshd_exchange_identification(int sock_in, int sock_out) compat_datafellows(remote_version); + if (datafellows & SSH_BUG_SCANNER) { + log("scanned from %s with %s. Don't panic.", + get_remote_ipaddr(), client_version_string); + fatal_cleanup(); + } + mismatch = 0; switch(remote_major) { case 1: |