Security Incidents mailing list archives
Re: Voluminous SSHd scanning; possible worm activity?
From: Paul Gear <paulgear () gear dyndns org>
Date: Fri, 14 Dec 2001 06:52:00 +1000
--- Bertrand Lupart <Bertrand.Lupart () iteam org> wrote:For my own part, on top of upgrading to the latest versions of SSHd, I'm recommending that folks utilize IPchains or IPFilter to reinforce their explicitly-defined AllowHosts directives in sshd_config. These measure in themselves should greatly mitigate both the present (and hopefully, future) threat of successful remote attack on SSHd.Are we safe if the attack is run from a host not listed as accepted in access control files, ie: /etc/hosts.deny: ALL: ALL /etc/hosts.allow: sshd: www.xxx.yyy.zzzOnly services that are launched using tcpwrappers will check the /etc/hosts.* files for access permissions. Your can use tcpdchk to analyze your wrapper config:
That's not strictly true. Anything that uses libwrap uses it, which includes recent versions of OpenSSH (at least on Red Hat Linux - i believe it's a compile-time option). PDG ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Voluminous SSHd scanning; possible worm activity?, (continued)
- Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 11)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 11)
- RE: Voluminous SSHd scanning; possible worm activity? Damien Miller (Dec 11)
- RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Bertrand Lupart (Dec 12)
- Re: Voluminous SSHd scanning; possible worm activity? Jonathan Bloomquist (Dec 13)
- RE: Voluminous SSHd scanning; possible worm activity? jon schatz (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 12)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 12)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 12)
- Re: Voluminous SSHd scanning; possible worm activity? Paul Gear (Dec 13)
- Re: Voluminous SSHd scanning; possible worm activity? Sam Ferrell (Dec 14)