Hola de nuevo
La info. que me da el blackice es el siguiente
Event: SSH_Banner_Lemgth
Intruder: luxx.hu
Count: 1
Protocol ID: TCP
Destination Port: 2976
Source port: 22
Intruder ip: 195.xxxxxxxxxx
Severity: 7
Parameter:
protocol=2.0&software=OpenSSH_3.4p1_Debian_1:3.4p1-1.woody.3&pam.ssh.maxBannerLen=32,
Ademas:
2115002 : SecureCRT SSH1 protocol identifier string buffer overflow
la info entregada por la pagina es:
"Event description
VanDyke Software's SecureCRT is a secure access client and multiple platform terminal emulator that provides support for SSH (Secure Shell), Telnet, and other protocols. SecureCRT versions 3.4 and 4.0 Beta are vulnerable to a buffer overflow in the section of code that handles responses from SSH1 servers. By responding with a server identifier string of 40 bytes or more when a SecureCRT client establishes a connection, a remote attacker in control of an SSH server could overflow a buffer and execute code on the vulnerable system.
SSH_Banner_Length
This signature looks at the banner issued by an SSH server at the beginning of a connection. If the banner exceeds pam.ssh.maxBannerLen bytes (default 32) it may be indicative of a malicious SSH server attempting to exploit a buffer overflow in the SecureCRT, or other, SSH client program.
How to remove this vulnerability
Contact VanDyke Software for upgrade or patch information. See References."
Yo pensaba que ese programa yo no lo tenia y me di cuenta de que si
y es SSH Secure Shell for Workstations 3.0
mi consulta es que puedo hacer y para que sirve ese programa (no lo eh executado ni se inicia cuando uno entro a mi sesion) , la solucion es desinstalarlo.
