Security Incidents mailing list archives
SSH1 CRC32 Compensation Attacks
From: "Armando B. Ortiz" <aortiz () onlinetraffic com>
Date: 09 Dec 2001 07:36:49 -0800
The attacks apparently took down two of our servers in a 4-server webfarm. They apparently leave the typical root kits and compromised/trojaned binaries. Unfortunately, I can't recover the other boxes and have to rebuild them. The intruder left compromised files relating to the operation of SSH as well as a trojaned SSH daemon. =:( -- ----------------------------------------------------------------- From the Linux Box of Armando Ortiz System Administrator OnLineTraffic.com Email: aortiz () onlinetraffic com Download my public key from: ftp://209.185.214.98/pub/pubkeys/aortiz () onlinetraffic com pub or retrieve it from http://www.keyserver.net as aortiz () onlinetraffic com (Public Key expires 01/04/2002) All emails from me are signed by this public key. -----------------------------------------------------------------
Attachment:
_bin
Description:
Current thread:
- Re: Attacks against SSH?, (continued)
- Re: Attacks against SSH? f.johan.beisser (Dec 03)
- Re: Attacks against SSH? johan . augustsson (Dec 04)
- Re: Attacks against SSH? Jordan K Wiens (Dec 04)
- Re: Attacks against SSH? Dave Dittrich (Dec 04)
- Re: Attacks against SSH? Jason Baker (Dec 04)
- Re: Attacks against SSH? Michal Zalewski (Dec 04)
- Re: Attacks against SSH? Russell Fulton (Dec 04)
- Re: Attacks against SSH? Przemyslaw Frasunek (Dec 05)
- Re: Attacks against SSH? johan . augustsson (Dec 04)
- Re: Attacks against SSH? f.johan.beisser (Dec 03)
- Re: Attacks against SSH? f.johan.beisser (Dec 04)
- SSH1 CRC32 Compensation Attacks Armando B. Ortiz (Dec 10)
- Re: SSH1 CRC32 Compensation Attacks Andreas Östling (Dec 10)
- Re: SSH1 CRC32 Compensation Attacks Armando Ortiz (Dec 10)
- Re: Attacks against SSH? Steven S (Dec 03)
- Re: Attacks against SSH? Adam Manock (Dec 04)
- Message not available
- Message not available
- Re: Attacks against SSH? johan . augustsson (Dec 06)