Security Incidents mailing list archives
Re: Voluminous SSHd scanning; possible worm activity?
From: Sam Ferrell <ferrell () tns utk edu>
Date: Thu, 13 Dec 2001 17:28:50 -0500 (EST)
There are options like AllowHosts and DenyHosts in the sshd2_config file as well as other controls to prevent root from being able to ssh. Sam On Fri, 14 Dec 2001, Paul Gear wrote:
--- Bertrand Lupart <Bertrand.Lupart () iteam org> wrote:For my own part, on top of upgrading to the latest versions of SSHd, I'm recommending that folks utilize IPchains or IPFilter to reinforce their explicitly-defined AllowHosts directives in sshd_config. These measure in themselves should greatly mitigate both the present (and hopefully, future) threat of successful remote attack on SSHd.Are we safe if the attack is run from a host not listed as accepted in access control files, ie: /etc/hosts.deny: ALL: ALL /etc/hosts.allow: sshd: www.xxx.yyy.zzzOnly services that are launched using tcpwrappers will check the /etc/hosts.* files for access permissions. Your can use tcpdchk to analyze your wrapper config:That's not strictly true. Anything that uses libwrap uses it, which includes recent versions of OpenSSH (at least on Red Hat Linux - i believe it's a compile-time option). PDG ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: Voluminous SSHd scanning; possible worm activity?, (continued)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 11)
- RE: Voluminous SSHd scanning; possible worm activity? Damien Miller (Dec 11)
- RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Bertrand Lupart (Dec 12)
- Re: Voluminous SSHd scanning; possible worm activity? Jonathan Bloomquist (Dec 13)
- RE: Voluminous SSHd scanning; possible worm activity? jon schatz (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 12)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 11)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 12)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 12)
- Re: Voluminous SSHd scanning; possible worm activity? Paul Gear (Dec 13)
- Re: Voluminous SSHd scanning; possible worm activity? Sam Ferrell (Dec 14)