- deraadt@cvs.openbsd.org 2001/03/18 23:30:55

[compat.c compat.h sshd.c] specifically version match on ssh scanners. do not log scan information to the console
2001-03-19 22:36:20 +11:00 · 2001-03-19 22:36:20 +11:00 · 27dbe6f37e
parent cafff19105
commit 27dbe6f37e
4 changed files with 17 additions and 4 deletions
--- a/6
+++ b/6
@ -17,6 +17,10 @@
   - djm@cvs.openbsd.org     2001/03/19 03:52:51
     [sftp-client.c]
     Report ssh connection closing correctly; ok deraadt@
+   - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
+     [compat.c compat.h sshd.c]
+     specifically version match on ssh scanners.  do not log scan 
+     information to the console

 20010318
 - (bal) Fixed scp type casing issue which causes "scp: protocol error: 
@ -4616,4 +4620,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.980 2001/03/19 11:29:46 djm Exp $
+$Id: ChangeLog,v 1.981 2001/03/19 11:36:20 djm Exp $
--- a/compat.c
+++ b/compat.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.38 2001/03/10 15:31:00 deraadt Exp $");
+RCSID("$OpenBSD: compat.c,v 1.39 2001/03/18 23:30:55 deraadt Exp $");

 #ifdef HAVE_LIBPCRE
 #  include <pcreposix.h>
@ -97,6 +97,8 @@ compat_datafellows(const char *version)
 		{ "^OSU_1\\.[0-4]",	SSH_BUG_PASSWORDPAD },
 		{ "^OSU_1\\.5alpha[1-3]",
 					SSH_BUG_PASSWORDPAD },
+		{ "^SSH_Version_Mapper",
+					SSH_BUG_SCANNER },
 		{ NULL,			0 }
 	};
 	/* process table, return first match */
--- a/compat.h
+++ b/compat.h
@ -21,7 +21,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/* RCSID("$OpenBSD: compat.h,v 1.17 2001/03/10 15:31:00 deraadt Exp $"); */
+/* RCSID("$OpenBSD: compat.h,v 1.18 2001/03/18 23:30:55 deraadt Exp $"); */

 #ifndef COMPAT_H
 #define COMPAT_H
@ -42,6 +42,7 @@
 #define SSH_BUG_IGNOREMSG	0x0100
 #define SSH_BUG_PKOK		0x0200
 #define SSH_BUG_PASSWORDPAD	0x0400
+#define SSH_BUG_SCANNER		0x0800

 void    enable_compat13(void);
 void    enable_compat20(void);
--- a/sshd.c
+++ b/sshd.c
@ -40,7 +40,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.174 2001/03/09 12:30:29 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.175 2001/03/18 23:30:55 deraadt Exp $");

 #include <openssl/dh.h>
 #include <openssl/bn.h>
@ -381,6 +381,12 @@ sshd_exchange_identification(int sock_in, int sock_out)

 	compat_datafellows(remote_version);

+	if (datafellows & SSH_BUG_SCANNER) {
+		log("scanned from %s with %s.  Don't panic.",
+		    get_remote_ipaddr(), client_version_string);
+		fatal_cleanup();
+	}
+
 	mismatch = 0;
 	switch(remote_major) {
 	case 1: