Security Incidents mailing list archives

Re: Internet SSH scans

From: Valdis.Kletnieks () vt edu
Date: Tue, 21 Mar 2006 20:14:26 -0500

On Tue, 21 Mar 2006 16:20:46 -0200, Adriano Carvalho said:

2) Hide ssh service. How ? Try SAdoor
(http://packetstormsecurity.org/UNIX/penetration/rootkits/index6.html)

From packetstorm:
"SADoor is a non-listening remote administration tool for Unix systems. It
sets up a listener in non-promiscuous mode for a specific sequence of packets
arriving to the interface before allowing command mode. The commands are sent
Blowfish encoded in the TCP payload and decoded and passed on to system(3)."

Its cool, and good to hide some services...


Of course, if the password is ever compromised, you'll then be left wondering
how things are getting run, because you forgot you installed it. :)

Attachment: _bin
Description:

Current thread:

Re: Internet SSH scans, (continued)
- Re: Internet SSH scans Hugo J. Curti (Mar 06)
- RE: Internet SSH scans steve (Mar 02)
  - RE: Internet SSH scans Peter Bassill (Mar 03)
- Re: RE: Internet SSH scans admin (Mar 03)
  - Re: RE: Internet SSH scans Daxomatic (Mar 03)
  - Re: RE: Internet SSH scans Christine Kronberg (Mar 03)
  - Re: Internet SSH scans JK Adams (Mar 03)
- Re: RE: Internet SSH scans joakim . berge (Mar 03)
- Re: Re: RE: Internet SSH scans mrbits (Mar 03)
  - RE: Internet SSH scans Adriano Carvalho (Mar 21)
    - Re: Internet SSH scans Valdis . Kletnieks (Mar 22)
    - Re: Internet SSH scans Adriano Carvalho (Mar 22)
- RE: Internet SSH scans William Tarkington (Mar 03)
  - Re: Internet SSH scans ilaiy (Mar 03)
  - Re: Internet SSH scans Stephen J. Smoogen (Mar 03)
- RE: RE: Internet SSH scans Teodorski, Chris (Mar 03)
- Re: Re: Internet SSH scans notonyour (Mar 04)
- Re: RE: Internet SSH scans Michael . Lang (Mar 23)
  - Re: Internet SSH scans Valdis . Kletnieks (Mar 23)