Reportedly, Privsep was set up on the machines. I wouldn't know if they have
tcpdumps, but I would assume they have logs. Just what I've heard by proxy.

-Justin

On Mon, 2003-09-15 at 17:23, Adam Shostack wrote:
> Is privsep on in any of these systems?
>
> Do the failed attempts show up in your logs?
>
> And naturally, do you have some tcpdumps?
>
> Adam
>
>
> On Mon, Sep 15, 2003 at 01:48:34PM -0400, christopher neitzert wrote:
> | More on this;
> |
> | The systems in question are FreeBSD, RedHat, Gentoo, and Debian all
> | running the latest versions of OpenSSH.
> |
> | The attack makes an enormous amount of ssh connections and attempts
> | various offsets until it finds one that works permitting root login.
> |
> | I have received numerous messages from folks requesting anonymity or
> | direct-off-list-reply confirming this exploit;
> |
> | The suggestions I have heard are:
> |
> | Turn off SSH and
> |
> | 1. upgrade to lsh.
> |
> | or
> |
> | 2. add explicit rules to your edge devices allowing ssh from only-known
> | hosts.
> |
> | or
> |
> | 3. put ssh behind a VPN on RFC-1918 space.
> |
> | thanks.
> |
> |
> | On Mon, 2003-09-15 at 12:02, christopher neitzert wrote:
> | > Does anyone know of or have source related to a new, and unpublished ssh
> | > exploit? An ISP I work with has filtered all SSH connections due to
> | > several root level incidents involving ssh. Any information is
> | > appreciated.
> | >
> | >
> | --
> | Christopher Neitzert - GPG Key ID: 7DCC491B