Security Incidents mailing list archives

Re: Voluminous SSHd scanning; possible worm activity?


From: Bertrand.Lupart () iteam org (Bertrand Lupart)
Date: Wed, 12 Dec 2001 12:20:41 +0100

      For my own part, on top of upgrading to the latest versions of
SSHd, I'm recommending that folks utilize IPchains or IPFilter to
reinforce their explicitly-defined AllowHosts directives in sshd_config.
These measures in themselves should greatly mitigate both the present (and
hopefully, future) threat of successful remote attack on SSHd. 

Are we safe if the attack is run from a host not listed as accepted in
access control files, i.e.:

/etc/hosts.deny:
ALL: ALL

/etc/hosts.allow:
sshd: www.xxx.yyy.zzz

Thanx.

-- 
Bertrand

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

