{ScanSSH}: Scanning the Internet for {SSH} Servers

Niels Provos; Peter Honeyman

ScanSSH: Scanning the Internet for SSH Servers

SSH is a widely used application that provides secure remote login. It uses strong cryptography to provide authentication and confidentiality. The IETF SecSH working group is developing SSH v2, an improved SSH protocol that fixes cryptographic and design flaws in the SSH v1 protocol. SSH v2 compatible server software is widespread.

Recently discovered security flaws make it critically important to find vulnerable SSH servers and update them. In this paper, we describe a method to determine with good precision how many servers supporting the various protocol versions have been deployed on the net.

We describe the design and implementation of ScanSSH, a scanner that probes SSH servers for their software version, and discuss the results of scanning the Internet and our local networks for several months.

Niels Provos, CITI, University of Michigan

Peter Honeyman, CITI, University of Michigan

BibTeX

@inproceedings {270832,
author = {Niels Provos and Peter Honeyman},
title = {{ScanSSH}: Scanning the Internet for {SSH} Servers},
booktitle = {15th Systems Administration Conference (LISA 2001)},
year = {2001},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/lisa-2001/scanssh-scanning-internet-ssh-servers},
publisher = {USENIX Association},
month = dec
}

Download

Links

Paper:

http://usenix.org/publications/library/proceedings/lisa2001/tech/full_papers/provos/provos.pdf

Paper (HTML):

http://usenix.org/publications/library/proceedings/lisa2001/tech/full_papers/provos/provos_html/index.html

USENIX Conference Policies

ScanSSH: Scanning the Internet for SSH Servers

Niels Provos, CITI, University of Michigan

Peter Honeyman, CITI, University of Michigan

Links