136
Arkoon appliance ssh port tcp-822 detection
Firewalls
2004/09/02
Marc Ruef
marc dot ruef at computec dot ch
http://www.computec.ch
computec.ch
Marc Ruef
marc dot ruef at computec dot ch
http://www.computec.ch
computec.ch
2004/11/13
1.1
Corrected the plugin structure and added the accuracy values in 1.1
tcp
822
open|sleep|close|pattern_exists *SSH-[0-9].*SSF*
95
Check is adapted from the Nessus plugin (see Nessus ID listed in the sources).
Arkoon Network Security
support at arkoon dot net
http://www.arkoon.net
Arkoon appliances
Other solutions
Configuration
The remote host seems to be a Arkoon appliance with SSH port tcp/822 open. Letting attackers know that you are using a Arkoon appliance will help them to focus their attack or will make them change their strategy.
The service should be deactivated or de-installed if not necessary. To make it harder to find the server the daemon could be configured to listen at another port (e.g. 1400). Try to prevent unwanted connection attempts by filtering traffic with firewalling.
Approx. 30 minutes
Yes
http://www.nessus.org
No
No
Low
3
6
5
4
Low
Nessus is able to do a similar check.
14377
Building Internet Firewalls, Elizabeth D. Zwicky, Simon Cooper and D. B. Chapman, September 1, 2000, O'Reilly & Associates, ISBN 1565928717, 2nd edition
http://www.arkoon.net
