From 3a1c54d4d3ba4b771f72e25fc23e7485e9a74799 Mon Sep 17 00:00:00 2001 From: djm Date: Mon, 19 Mar 2001 11:36:20 +0000 Subject: [PATCH] - deraadt@cvs.openbsd.org 2001/03/18 23:30:55 [compat.c compat.h sshd.c] specifically version match on ssh scanners. do not log scan information to the console --- ChangeLog | 4 ++++ compat.c | 4 +++- compat.h | 3 ++- sshd.c | 8 +++++++- 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 973909ad..32e75cde 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,10 @@ - djm@cvs.openbsd.org 2001/03/19 03:52:51 [sftp-client.c] Report ssh connection closing correctly; ok deraadt@ + - deraadt@cvs.openbsd.org 2001/03/18 23:30:55 + [compat.c compat.h sshd.c] + specifically version match on ssh scanners. do not log scan + information to the console 20010318 - (bal) Fixed scp type casing issue which causes "scp: protocol error: diff --git a/compat.c b/compat.c index 9d23f9a0..4fb2b441 100644 --- a/compat.c +++ b/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.38 2001/03/10 15:31:00 deraadt Exp $"); +RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $"); #ifdef HAVE_LIBPCRE # include @@ -97,6 +97,8 @@ compat_datafellows(const char *version) { "^OSU_1\\.[0-4]", SSH_BUG_PASSWORDPAD }, { "^OSU_1\\.5alpha[1-3]", SSH_BUG_PASSWORDPAD }, + { "^SSH_Version_Mapper", + SSH_BUG_SCANNER }, { NULL, 0 } }; /* process table, return first match */ diff --git a/compat.h b/compat.h index a1fdbe76..41d6af0f 100644 --- a/compat.h +++ b/compat.h @@ -21,7 +21,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: compat.h,v 1.17 2001/03/10 15:31:00 deraadt Exp $"); */ +/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */ #ifndef COMPAT_H #define COMPAT_H @@ -42,6 +42,7 @@ #define SSH_BUG_IGNOREMSG 0x0100 #define SSH_BUG_PKOK 0x0200 #define SSH_BUG_PASSWORDPAD 0x0400 +#define SSH_BUG_SCANNER 0x0800 void enable_compat13(void); void enable_compat20(void); diff --git a/sshd.c b/sshd.c index 0a1048cd..384d4082 100644 --- a/sshd.c +++ b/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.174 2001/03/09 12:30:29 deraadt Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.175 2001/03/18 23:30:55 deraadt Exp $"); #include #include @@ -381,6 +381,12 @@ sshd_exchange_identification(int sock_in, int sock_out) compat_datafellows(remote_version); + if (datafellows & SSH_BUG_SCANNER) { + log("scanned from %s with %s. Don't panic.", + get_remote_ipaddr(), client_version_string); + fatal_cleanup(); + } + mismatch = 0; switch(remote_major) { case 1: -- 2.45.1