IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

question about zmap, ssh and fingerprinting



Hiya,

The netconf protocol can use either TLS or SSH. They're working
on a "call-home" draft [1] and as part of that I suggested that
the WG maybe consider adding a security consideration something
like that below. They're thinking about that but asked if the
same considerations would apply to SSH. I guess in principle it
ought, but I don't think I've seen specific uses of zmap that
did that, so I figured I'd ask. (Note: we just need to know if
s/TLS/TLS or SSH/ would be good or bad below, but of course any
other comments on [1] would be interesting too.)

Thanks in advance,
S.

[1] https://tools.ietf.org/html/draft-ietf-netconf-call-home-11

Suggested text:

"Internet facing hosts running TLS will be fingerprinted via
public IPv4 scanning tools such as zmap. [zmap] If those hosts
are not updated and have known vulnerabilities those will be
exploited. This is noted here as, a) TLS provides many ways
in which a device can be fingerprinted and b) zmap is still
relatively new. Implementers and those deploying need to
ensure that they provide mechanisms for software update so
that vulnerabilities are fixed in a timely fashion."

[zmap] Durumeric, Zakir, Eric Wustrow, and J. Alex Halderman.
"ZMap: Fast Internet-wide Scanning and Its Security Applications."
Usenix Security. 2013.



Home | Main Index | Thread Index | Old Index