Security Incidents mailing list archives

SSH1 CRC32 Compensation Attacks


From: "Armando B. Ortiz" <aortiz () onlinetraffic com>
Date: 09 Dec 2001 07:36:49 -0800

The attacks apparently took down two of our servers in a 4-server
webfarm.  They apparently leave the typical root kits and
compromised/trojaned binaries.

Unfortunately, I can't recover the other boxes and have to rebuild
them.  The intruder left compromised files relating to the operation of
SSH as well as a trojaned SSH daemon.

=:(

-- 
-----------------------------------------------------------------
 From the Linux Box of Armando Ortiz
                       System Administrator
                       OnLineTraffic.com
 Email:  aortiz () onlinetraffic com
 Download my public key from:
  ftp://209.185.214.98/pub/pubkeys/aortiz () onlinetraffic com pub
   or retrieve it from
  http://www.keyserver.net as aortiz () onlinetraffic com
                             (Public Key expires 01/04/2002)
       All emails from me are signed by this public key.
-----------------------------------------------------------------
