SSH server protocol mismatch detection 1.3
 
Plugin ID155
Plugin nameSSH server protocol mismatch detection
Plugin filenameSSH server protocol mismatch detection.plugin
Plugin filesize3303 bytes
Plugin familyEnumeration
Plugin created nameMarc Ruef
Plugin created emailmarc dot ruef at computec dot ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2004/09/06
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/13
Plugin version1.3
Plugin changelogAdded NetRecon rating in version 1.2. Corrected the plugin structure and added the accuracy values in 1.3
Plugin protocoltcp
Plugin port22
Plugin procedure detectionopen|send \n|sleep|close|pattern_exists Protocol mismatch.
Plugin detection accuracy90
Plugin commentThis ATK is more accurate than most of the other known vulnerability scanners.
Bug affectedSSH daemons (especially OpenSSH)
Bug not affectedSSH daemons 2.0-3.2.3 and other remote-control solutions
Bug vulnerability classConfiguration
Bug descriptionThe remote host is running a SSH daemon (secure shell). This could be determined by opening a tcp connection, sending a simple command and looking for a pattern that indicates the use of a wrong protocol (usually is this "Protocol mismatch"). An attacker may use this information to start further enumeration or attacks on the target host. It may also be possible that this SSH server is an unwanted backdoor.
Bug solutionIf the SSH server is unused, de-install or de-activate it. If this is not possible, upgrade your SSH server to the latest version to prevent to be vulnerable to known bugs. Try to install the SSH server to another port to make portscanning on default ports harder. Also limit unwanted connections and communications with firewalling.
Bug fixing timeApprox. 45 minutes
Bug exploit availabilityYes
Bug exploit urlhttp://www.rapid7.com/Product-Download.html
Bug remoteYes
Bug localYes
Bug severityLow
Bug popularity7
Bug simplicity6
Bug impact3
Bug risk5
Bug Symantec NetRecon rating19
Bug check toolsMost security scanners are able to do similar checks.
Source CVECVE-2001-0080
Source ISS X-Force ID5760
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.