OpenSSH server and client version 5.1 has just been released and available for download. New features in OpenSSH 5.1:
=> Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1) and ssh-keygen(1).
=> sshd now support CIDR address/masklen matching.
=> Added an extended test mode (-T) to sshd(8) to request that it write its effective configuration to stdout and exit.
=> ssh(1) now prints the number of bytes transferred and the overall connection throughput for SSH protocol 2 sessions when in verbose mode.
=> Added a MaxSessions option to sshd_config(5) to allow control of the number of multiplexed sessions supported over a single TCP connection.
Download OpenSSH 5.1
=> Visit offical site to grab latest OpenSSH 5.1
By hiding out DNS server version number you can improve server security. fpdns is a program that remotely determines DNS server versions. It does this by sending a series of borderline DNS queries which are compared against a table of responses and server versions. (just like nmap command’s remote OS detection facility).
A nameserver basically responds to a query. Interoperability is an obvious requirement here. The standard protocol behavior of different DNS implementations is expected to be the same.
Debian / Ubuntu user, enter the following command:
$ sudo apt-get install fpdns
FreeBSD user, either use ports or binary package:
$ pkg_add -v -r fpdns
Alternatively grab source code from official web site.
Howto remotely determine DNS server version
To determine DNS server version for domain nixcraft.com, enter:
$ fpdns -D nixcraft.com
fingerprint (nixcraft.com, 220.127.116.11): bboy MyDNS
fingerprint (nixcraft.com, 18.104.22.168): bboy MyDNS
You can easily find out if recursion enabled or not:
$ fpdns ns1.vnsl.com.
fingerprint (ns1.vnsl.com., 22.214.171.124): ISC BIND 9.2.3rc1 -- 9.4.0a0 [recursion enabled]
To read list of servers from key board, enter:
$ fpdns -
fingerprint (ns2.vnsl.com, 126.96.36.199): ISC BIND 9.2.3rc1 -- 9.4.0a0 [recursion enabled]
fingerprint (ns1.softlayer.com, 188.8.131.52): ISC BIND 9.2.3rc1 -- 9.4.0a0
fingerprint (ns.yahoo.com, 184.108.40.206): ISC BIND 8.3.0-RC1 -- 8.4.4
fingerprint (ns1.google.com, 220.127.116.11): ISC BIND 8.3.0-RC1 -- 8.4.4
=> Read fpdns man page.