Re: new ssh exploit?

[security snot <booger () unixclan net>]

Keep in mind that the "secure" in "secure shell" only implies that the
communication itself is encrypted (the same way Verisign makes your
webservers secure and unhackable).  It has nothing to do with the actual
security of the daemon, and if you think for a second that allowing
unfiltered ssh connections to your network won't get you owned, you
obviously don't understand the power of zeroday.

I always explain to my clients that if their networks are interesting
enough to be owned, by people who have the power to own them, then there
really isn't much that can be done to prevent it; we as security
professionals can only sit back and deal with the post-compromise scenario
when dealing with hackers.

Just my two cents.

- booger, the forensics wizard, champion of multiple honeynet contests

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Mon, 15 Sep 2003, christopher neitzert wrote:

> Does anyone know of or have source related to a new, and unpublished ssh
> exploit?  An ISP I work with has filtered all SSH connections due to
> several root level incidents involving ssh. Any information is
> appreciated.
>
>
>
>
>
> --
> Christopher Neitzert -  GPG Key ID: 7DCC491B

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html