Full Disclosure mailing list archives
Re: new ssh exploit?
From: christopher neitzert <chris () neitzert com>
Date: Mon, 15 Sep 2003 13:48:34 -0400
More on this; The systems in question are FreeBSD, RedHat, Gentoo, and Debian all running the latest versions of OpenSSH. The attack makes an enormous amount of ssh connections and attempts various offsets until it finds one that works permitting root login. I have received numerous messages from folks requesting anonymity or direct-off-list-reply confirming this exploit; The suggestions I have heard are: Turn off SSH and 1. upgrade to lsh. or 2. add explicit rules to your edge devices allowing ssh from only-known hosts. or 3. put ssh behind a VPN on RFC-1918 space. thanks. On Mon, 2003-09-15 at 12:02, christopher neitzert wrote:
Does anyone know of or have source related to a new, and unpublished ssh exploit? An ISP I work with has filtered all SSH connections due to several root level incidents involving ssh. Any information is appreciated.
-- Christopher Neitzert - GPG Key ID: 7DCC491B
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- new ssh exploit? christopher neitzert (Sep 15)
- Re: new ssh exploit? security snot (Sep 15)
- Re: new ssh exploit? phlox (Sep 15)
- Re: new ssh exploit? Andreas Gietl (Sep 16)
- Re: new ssh exploit? Florian Weimer (Sep 16)
- Re: new ssh exploit? Michael 'Moose' Dinn (Sep 16)
- RE: new ssh exploit? Aditya (Sep 17)
- Re: new ssh exploit? Cael Abal (Sep 17)
- Re: new ssh exploit? Andreas Gietl (Sep 16)
- Re: new ssh exploit? Adam Shostack (Sep 15)
- Re: new ssh exploit? Justin Kreger (Sep 15)
- Re: new ssh exploit? Ron DuFresne (Sep 16)
- Re: new ssh exploit? Jonathan A. Zdziarski (Sep 16)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Valdis . Kletnieks (Sep 17)
- Re: new ssh exploit? Bennett Todd (Sep 16)
- Re: new ssh exploit? Ron DuFresne (Sep 16)
- Re: new ssh exploit? Bennett Todd (Sep 16)