question about zmap, ssh and fingerprinting

To: ietf-ssh%NetBSD.org@localhost
Subject: question about zmap, ssh and fingerprinting
From: Stephen Farrell <stephen.farrell%cs.tcd.ie@localhost>
Date: Tue, 10 Nov 2015 19:49:38 +0000

Hiya,

The netconf protocol can use either TLS or SSH. They're working
on a "call-home" draft [1] and as part of that I suggested that
the WG maybe consider adding a security consideration something
like that below. They're thinking about that but asked if the
same considerations would apply to SSH. I guess in principle it
ought, but I don't think I've seen specific uses of zmap that
did that, so I figured I'd ask. (Note: we just need to know if
s/TLS/TLS or SSH/ would be good or bad below, but of course any
other comments on [1] would be interesting too.)

Thanks in advance,
S.

[1] https://tools.ietf.org/html/draft-ietf-netconf-call-home-11

Suggested text:

"Internet facing hosts running TLS will be fingerprinted via
public IPv4 scanning tools such as zmap. [zmap] If those hosts
are not updated and have known vulnerabilities those will be
exploited. This is noted here as, a) TLS provides many ways
in which a device can be fingerprinted and b) zmap is still
relatively new. Implementers and those deploying need to
ensure that they provide mechanisms for software update so
that vulnerabilities are fixed in a timely fashion."

[zmap] Durumeric, Zakir, Eric Wustrow, and J. Alex Halderman.
"ZMap: Fast Internet-wide Scanning and Its Security Applications."
Usenix Security. 2013.

Prev by Date: Re: Curve25519/448 key agreement for SSH
Next by Date: Re: DH group exchange (Re: SSH key algorithm updates)
Previous by Thread: rsa-sha2-256: Need YOUR opinion on PSS vs PKCS#1 v1.5
Next by Thread: New version of rsa-sha2-256 draft: Back to PKCS#1 v1.5
Indexes:

Home | Main Index | Thread Index | Old Index