From: Niels Provos [provos@CITI.UMICH.EDU]
Sent: Sunday, February 11, 2001 1:38 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: ssh protocol vulnerability scanning

Hi,

recent security problems in ssh protocol implementations require that
vulnerable ssh protocol servers be upgraded.  As an administrator of a
large network, it can be difficult to efficiently determine which
implementations of the ssh protocols are running on a network.

To solve this problem, I wrote the ScanSSH protocol scanner.  It
supports very fast and flexible scanning of large networks.

You can obtain the latest version from

   http://www.monkey.org/~provos/scanssh/

The ScanSSH protocol scanner is distributed under a BSD-license and
completely free for any use including commercial.  It has the
following features:

	- fast scanning of large networks
        - unique random address generation
        - network exclusion lists

The resulting output contains the version of the running ssh protocol
servers:

10.1.12.23 <timeout>
10.1.90.80 SSH-1.5-OpenSSH_2.3.2
10.1.87.85 SSH-1.5-1.2.27
10.1.35.139 <timeout>
10.1.11.92 <timeout>
10.1.84.7 SSH-1.5-OpenSSH_2.3.0
10.1.19.41 SSH-1.5-1.2.26
10.1.29.65 SSH-1.5-OpenSSH_2.3.2
10.1.14.1 SSH-1.5-OpenSSH_2.3.2
10.1.15.71 SSH-1.5-1.2.26

If you are responsible for a large network, this tool allows you to
scan your network frequently.  After scanning, for example, the output
can be piped through

    "|grep -i ssh |grep -v "OpenSSH_2.3.[02]"

to find ssh protocol servers that need to be upgraded.

Regards,
 Niels Provos.