Security Incidents mailing list archives
Re: Possible remote vulnerability in SSH-1.2.27
From: Alexandru Frangeti <alex.frangeti () afrodita mangalia astral ro>
Date: Thu, 3 Oct 2002 06:45:43 +0300 (EEST)
Made in Romania... damn, that rings a bell...

The solution against these types of attacks (as we handle them pretty much, since I'm a Romanian sysadmin of Astral Telecom) is knowing pretty much what you're doing with your hosts.allow and deny files, forbidding access to all IPs on every service, if possible filter all the services you need to provide and close all the others... and especially, use the grsecurity patches for your kernel (www.grsecurity.org), patches that make your kernel invulnerable to most Romanian exploits, that are based either on rpc overflow, ssh overflow or wu-ftpd overflows.

For everyone on the list, if you need other examples of Romanian rootkits/exploits, for you to analyse and learn how to defend yourself, please don't hesitate to contact me at my private address.

Alexandru Frangeti,
SysAdmin Astral Telecom SA.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Possible remote vulnerability in SSH-1.2.27 stealth (Oct 02)
- Re: Possible remote vulnerability in SSH-1.2.27 Alexandru Frangeti (Oct 03)
- Re: Possible remote vulnerability in SSH-1.2.27 Andrei Muresan (Oct 03)
- Re: Possible remote vulnerability in SSH-1.2.27 Alexandru Balan (Oct 04)
- Re: Possible remote vulnerability in SSH-1.2.27 Alvin Oga (Oct 05)
- Re: Possible remote vulnerability in SSH-1.2.27 Alexandru Balan (Oct 04)