平常都是掃 Port 80/443,然後就有人跑去掃 Port 22:「We scanned the Internet for port 22」。依照原文說的,這次給的數據只是 60% 的 Internet,其他 40% 的資料有問題,他要再想辦法修...
這是 Top 20 的 unique banner 數據:
1730887 SSH-2.0-OpenSSH_4.3 1562709 SSH-2.0-OpenSSH_5.3 1067097 SSH-2.0-dropbear_0.46 824377 SSH-2.0-dropbear_0.51 483318 SSH-2.0-dropbear_0.52 348878 SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1 327841 SSH-1.99-Cisco-1.25 320539 SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze3 318279 SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1 307028 SSH-2.0-ROSSSH 271614 SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze2 233842 SSH-2.0-OpenSSH_5.1p1 Debian-5 225095 SSH-2.0-OpenSSH_5.1 224991 SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901 213201 SSH-2.0-OpenSSH_4.7 209023 SSH-2.0-OpenSSH_6.0p1 Debian-4 195977 SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7 140809 SSH-2.0-dropbear_0.50 135821 SSH-2.0-OpenSSH 132351 SSH-2.0-Cisco-1.25
可以看到 OpenSSH 是最大宗,而 dropbear 應該是各種 box 的量撐起來的...
參考維基百科上 OpenSSH 的條目,OpenSSH 的各版本的發行日期分別是:
- 3.5:2002/10/14 (FreeBSD 4.11)
- 4.3:2006/02/01
- 4.7:2007/09/04
- 5.1:2008/07/21
- 5.3:2009/10/01
- 5.4:2010/03/08 (FreeBSD 8.3)
- 5.5:2010/04/16 (Debian 6)
- 5.7:2011/01/24
- 5.8:2011/02/04 (FreeBSD 9.1)
- 5.9:2011/09/06
- 6.0:2012/04/22 (Debian 7)
- 6.1:2012/08/29 (FreeBSD 8.4)
後面的作業系統是就手上有的機器來看,不過 4.3 是最多的是怎麼一回事呢... 作者這樣解釋:
Note that these counts are a bit off. Some networks have a router that forwards all connections of a certain port to a single machine. Maybe "OpenSSH_4.3" is most popular banner, or maybe the national ISP of Elbonia just reroutes all port 22 requests.
所以有可能只是個假象?XD