Security Incidents mailing list archives
Re: Voluminous SSHd scanning; possible worm activity?
From: Bertrand.Lupart () iteam org (Bertrand Lupart)
Date: Wed, 12 Dec 2001 12:20:41 +0100
For my own part, on top of upgrading to the latest versions of SSHd, I'm recommending that folks utilize IPchains or IPFilter to reinforce their explicitly-defined AllowHosts directives in sshd_config. These measure in themselves should greatly mitigate both the present (and hopefully, future) threat of successful remote attack on SSHd.
Are we safe if the attack is run from a host not listed as accepted in access control files, ie: /etc/hosts.deny: ALL: ALL /etc/hosts.allow: sshd: www.xxx.yyy.zzz Thanx. -- Bertrand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Voluminous SSHd scanning; possible worm activity?, (continued)
- Re: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Florian Weimer (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Florian Weimer (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 11)
- RE: Voluminous SSHd scanning; possible worm activity? Damien Miller (Dec 11)
- RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Bertrand Lupart (Dec 12)
- Re: Voluminous SSHd scanning; possible worm activity? Jonathan Bloomquist (Dec 13)
- RE: Voluminous SSHd scanning; possible worm activity? jon schatz (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 12)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 12)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 12)
- Re: Voluminous SSHd scanning; possible worm activity? Paul Gear (Dec 13)
- Re: Voluminous SSHd scanning; possible worm activity? Sam Ferrell (Dec 14)