[rescue] OT: SSH
Kenneth Caruso
rescue at sunhelp.org
Sat Dec 22 17:00:51 CST 2001
Not recently, but almost a year ago. I have noticed an increase in scanning
for this vulnerability in the past month and personally know a couple of
people and/or companies that have been rooted by this exploit. I am
guessing it's the CRC attack, only it's finally been stupefied/coded to the
script kiddie level. From my understanding, disabling protocol 1 (as the
exploit is in the protocol 1 code) is a good immediate action to take if you
cannot upgrade/patch right away. I believe post 2.2 of OpenSSH is safe.
Oh, here's the notice.
http://securityfocus.com/bid/2347
Ken Caruso
kenc at seattlewireless.net
http://ken.ipl31.net
"when in doubt tell the truth" -Mark Twain
On Sat, 22 Dec 2001, Phil Schilling wrote:
> Did they find some new vulnerability in ssh just recently? Half of my
> clients' firewalls had port scan type probes on only port 22. One hit
> each from about 6 different sites. All last night. The ones that were
> scanned were on two different ISPs and 3 different subnets.
>
> Thanks
>
> Phil
>
> --
> Phil Schilling
> GCS Tech
> phils at gcstech.net
> _______________________________________________
> rescue maillist - rescue at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/rescue
>
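
Added example, not part of the original message or of OpenSSH: a small audit that reads the text of an `sshd_config` and reports whether protocol 1 is still accepted, the interim mitigation mentioned above. The default of `2,1` when no `Protocol` line is present is an assumption about OpenSSH releases of that period, and the sample configs are constructed.

```python
import re

# Assumption: with no Protocol line, sshd of that era accepts both versions.
ASSUMED_DEFAULT = "2,1"


def effective_protocols(config_text, default=ASSUMED_DEFAULT):
    """Return the set of SSH protocol versions the config enables."""
    value = default
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value"
        # are both accepted forms.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            value = parts[1]
            break  # sshd keeps the first value it reads for a keyword
    return {p.strip() for p in value.split(",") if p.strip()}


def allows_protocol_1(config_text, default=ASSUMED_DEFAULT):
    """True if the config leaves the protocol 1 code path reachable."""
    return "1" in effective_protocols(config_text, default)


# Constructed sample configs, not taken from any real host.
SAMPLES = {
    "hardened": "Port 22\nProtocol 2\n",
    "fallback": "Port 22\nProtocol 2,1\n",
    "commented-out": "Port 22\n#Protocol 2\n",
    "first-wins": "protocol=2\nProtocol 1\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        state = "protocol 1 ENABLED" if allows_protocol_1(text) else "protocol 2 only"
        print(f"{name:14s} {state}")
```

A commented-out `Protocol` line is the case to watch: the file looks hardened, but the daemon falls back to its built-in default.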