OpenSSH daemon detection 1.1
 
Plugin ID210
Plugin nameOpenSSH daemon detection
Plugin filenameOpenSSH daemon detection.plugin
Plugin filesize2949 bytes
Plugin familyEnumeration
Plugin created nameMarc Ruef
Plugin created emailmarc dot ruef at computec dot ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2004/09/13
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/13
Plugin version1.1
Plugin changelogCorrected the plugin structure and added the accuracy values in 1.1
Plugin protocoltcp
Plugin port22
Plugin procedure detectionopen|sleep|close|pattern_exists -OpenSSH
Plugin detection accuracy90
Plugin commentThis plugin was written with the ATK Attack Editor.
Bug affectedOpenSSH
Bug not affectedOther SSH daemons or solutions
Bug vulnerability classConfiguration
Bug descriptionThe remote host is running an OpenSSH daemon (secure shell). This could be determined by opening a tcp connection and grabbing the banner. An attacker may use this information to start further enumeration or attacks on the target host. It may also be possible that this OpenSSH server is an unwanted backdoor.
Bug solutionIf the SSH server is unused, de-install or de-activate it. If this is not possible, upgrade your SSH server to the latest version to prevent to be vulnerable to known bugs. Try to install the SSH server to another port to make portscanning on default ports harder. Also limit unwanted connections and communications with firewalling.
Bug fixing timeApprox. 45 minutes
Bug exploit availabilityYes
Bug exploit urlhttp://www.rapid7.com/Product-Download.html
Bug remoteYes
Bug localYes
Bug severityLow
Bug popularity5
Bug simplicity7
Bug impact4
Bug risk5
Bug Symantec NetRecon rating39
Bug check toolsMost security scanners are able to do similar checks.
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0872

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.