This medium lacks appropriate smileys to react to this text. :D
From: Peter Gutmann
Sent: Sunday, March 26, 2017 23:47
Subject: Re: Fixing exchange of host keys in the SSH key exchange

Mouse <mouse%Rodents-Montreal.ORG@localhost> writes:

>(They were the SSH listeners on devices such as switches.)

It seems to be an unwritten law that big-iron networking hardware has to run 15-to-20-year-old unpatched copies of some version of SSH that the switch/router vendor found in a dumpster somewhere. I've seen late-1990s ssh.com implementations as recently as a few years ago, which is why I have to keep active old SSH bug-workarounds that should have been retired a decade or more ago.

Being able to remotely crash a carrier-grade router [0] by sending it an SSH option it didn't expect is a bit disturbing... this is why my code grew a dump-full-packet-trace-to-debug-console option at some point in the past.

Peter.

[0] I guess the SSH part is excluded from the carrier-grade categorisation.