From 08e936ba06f336988b41f4cd5a04479655d34ab3 Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Sun, 18 Mar 2001 23:30:56 +0000 Subject: specifically version match on ssh scanners. do not log scan information to the console, because clueless users freak out when people do completely legal probes. instead, generate a detailed log file entry and use british humour to relax their sphincters a little bit. --- usr.bin/ssh/compat.c | 4 +++- usr.bin/ssh/compat.h | 3 ++- usr.bin/ssh/sshd.c | 8 +++++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/usr.bin/ssh/compat.c b/usr.bin/ssh/compat.c index 16c5c926814..bb7c9c927f3 100644 --- a/usr.bin/ssh/compat.c +++ b/usr.bin/ssh/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.38 2001/03/10 15:31:00 deraadt Exp $"); +RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $"); #include @@ -89,6 +89,8 @@ compat_datafellows(const char *version) { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, { "^OSU_1\\.5alpha[1-3]", SSH_BUG_PASSWORDPAD }, + { "^SSH_Version_Mapper", + SSH_BUG_SCANNER }, { NULL, 0 } }; /* process table, return first match */ diff --git a/usr.bin/ssh/compat.h b/usr.bin/ssh/compat.h index a1fdbe764b7..41d6af0fb7c 100644 --- a/usr.bin/ssh/compat.h +++ b/usr.bin/ssh/compat.h @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: compat.h,v 1.17 2001/03/10 15:31:00 deraadt Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -42,6 +42,7 @@ #define SSH_BUG_IGNOREMSG 0x0100 #define SSH_BUG_PKOK 0x0200 #define SSH_BUG_PASSWORDPAD 0x0400 +#define SSH_BUG_SCANNER 0x0800 void enable_compat13(void); void enable_compat20(void); diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 26b2d3a330a..0a38665ee13 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.174 2001/03/09 12:30:29 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.175 2001/03/18 23:30:55 deraadt Exp $"); #include #include @@ -372,6 +372,12 @@ sshd_exchange_identification(int sock_in, int sock_out) compat_datafellows(remote_version); + if (datafellows & SSH_BUG_SCANNER) { + log("scanned from %s with %s. Don't panic.", + get_remote_ipaddr(), client_version_string); + fatal_cleanup(); + } + mismatch = 0; switch(remote_major) { case 1: -- cgit v1.2.3