Subject: Re: HEADS UP: ssh configuration files renamed
To: Ben Harris <bjh21@netbsd.org>
From: Steven M. Bellovin <smb@research.att.com>
List: current-users
Date: 04/30/2002 13:52:03
In message <E172bhL-0005Sf-00@chiark.greenend.org.uk>, Ben Harris writes:
>In article <Pine.LNX.4.43.0204301016540.2765-100000@pilchuck.reedmedia.net> you write:
>>On Tue, 30 Apr 2002, Bruno Saverio Delbono wrote:
>>
>>> I agree. However, that was just one point I wanted to bring out. If we
>>> are conforming to the OpenSSH filename standards...why not have the
>>> sshd banner the same. Alternatively is there a reason why we have the
>>> banner in the first place?
>>
>>Sometimes OpenSSH in the NetBSD tree is patched for a specific fix
>>-- without updating all code, so that is one reason for the comment. (It
>>probably isn't needed though.)
>
>Having spent a long time trying to persuade the Debian SSH maintainer to
>include useful version information in the banner, I'd be annoyed if NetBSD
>dropped it.  When you're trying to decide which of a large number of
>machines have a given vulnerability, and you haven't got a working exploit
>for it on all platforms, or permission to exercise such an exploit, being
>able to work it out from banners is a great bonus.
>

Right, this is a crucial point.  In many situations, the bad guy 
doesn't mind trying an exploit against everything in sight, without 
relying on the banner.  But the good guy's easiest approach is often the 
banner itself.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com
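The banner-driven triage Ben and Steve are describing, written out as an added example; this is not code from the thread, from NetBSD or from OpenSSH. It parses the identification string sshd sends (RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"), pulls out the OpenSSH release number, and sorts each host into affected / not-affected / patched-by-vendor / unknown. The sample banners, the affected version range [3.0, 3.2.2), the "NetBSD_Secure_Shell-YYYYMMDD" comment tag and the fix date 20020430 are all constructed for illustration and are not real vulnerability data; the vendor tag is there only to show why the comment field matters when a fix has been backported without bumping the upstream version.

```python
"""Triage a fleet of SSH servers by version banner.

Parses the identification string each sshd sends (RFC 4253 section 4.2:
"SSH-protoversion-softwareversion SP comments CR LF"), extracts the
OpenSSH release number, and classifies the host against an affected
version range.  All banners, the affected range and the vendor comment
format below are constructed for illustration, not real vulnerability data.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# SSH-<proto>-<software>[ <comments>]; software may not contain whitespace.
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
# OpenSSH_3.2.2p1 -> release 3.2.2 (the pN portable suffix is ignored).
OPENSSH_RE = re.compile(r"^OpenSSH_(?P<ver>\d+(?:\.\d+)*)")
# Hypothetical vendor tag in the comments field carrying a patch-level date.
VENDOR_RE = re.compile(r"NetBSD_Secure_Shell-(?P<date>\d{8})")


def parse_banner(line: str) -> Optional[Tuple[str, str, Optional[str]]]:
    """Return (protoversion, softwareversion, comments) or None if malformed."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return m.group("proto"), m.group("software"), m.group("comments")


def openssh_version(software: str) -> Optional[Version]:
    """Extract the numeric OpenSSH release as a comparable tuple."""
    m = OPENSSH_RE.match(software)
    if m is None:
        return None
    return tuple(int(part) for part in m.group("ver").split("."))


def triage(banner: str, affected_lo: Version, affected_hi: Version,
           vendor_fix_date: Optional[str] = None) -> str:
    """Classify one host.

    affected_lo is inclusive, affected_hi exclusive.  If the release number
    is in range but the vendor comment carries a patch date at or after
    vendor_fix_date, the fix was backported and the host is reported as
    patched-by-vendor (the situation the thread describes for NetBSD).
    """
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"          # not an SSH identification string
    _proto, software, comments = parsed
    version = openssh_version(software)
    if version is None:
        return "unknown"          # some other SSH implementation
    if not (affected_lo <= version < affected_hi):
        return "not-affected"
    if vendor_fix_date and comments:
        tag = VENDOR_RE.search(comments)
        if tag and tag.group("date") >= vendor_fix_date:  # YYYYMMDD sorts lexically
            return "patched-by-vendor"
    return "affected"


def triage_fleet(banners: Dict[str, str], affected_lo: Version,
                 affected_hi: Version, vendor_fix_date: Optional[str] = None
                 ) -> Dict[str, str]:
    """Map host -> classification for a whole fleet of captured banners."""
    return {host: triage(line, affected_lo, affected_hi, vendor_fix_date)
            for host, line in banners.items()}


# Constructed banners, as they might be captured with `nc host 22 | head -1`.
SAMPLE_BANNERS = {
    "alpha":   "SSH-1.99-OpenSSH_3.1\r\n",
    "beta":    "SSH-2.0-OpenSSH_3.2.2p1\r\n",
    "gamma":   "SSH-1.99-OpenSSH_3.0.2 NetBSD_Secure_Shell-20020501\r\n",
    "delta":   "SSH-1.99-OpenSSH_3.0.2 NetBSD_Secure_Shell-20020301\r\n",
    "epsilon": "SSH-1.5-1.2.31\r\n",
    "zeta":    "220 mail.example.org ESMTP\r\n",
}
# Hypothetical affected range [3.0, 3.2.2) and hypothetical vendor fix date.
AFFECTED_LO: Version = (3, 0)
AFFECTED_HI: Version = (3, 2, 2)
VENDOR_FIX_DATE = "20020430"

if __name__ == "__main__":
    for host, verdict in triage_fleet(SAMPLE_BANNERS, AFFECTED_LO,
                                      AFFECTED_HI, VENDOR_FIX_DATE).items():
        print(f"{host:8} {verdict}")
```

Two caveats follow directly from the thread. First, the verdict is only as good as the banner: a sshd rebuilt with a backported fix and no change to the comment field still reads as "affected", and an operator who strips the banner turns every host into "unknown", which is the cost Ben is objecting to. Second, as Steve notes, none of this slows an attacker who simply fires the exploit at everything; the banner is a convenience for the defender who needs to enumerate a fleet without being allowed to exploit it.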