Gentoo Archives: gentoo-security

1	-----BEGIN PGP SIGNED MESSAGE-----
2	Hash: SHA1
3
4	Over the past few days I've noticed many attempts from different sources
5	trying to login on ssh via guest/test/admin/etc accounts. Looking
6	further into the matter I found SANS is looking for information too.
7
8	http://www.incidents.org/diary.php?date=2004-07-23
9	http://www.incidents.org/diary.php?date=2004-07-25
10
11	and more information here:
12	http://www.dslreports.com/forum/remark,10854834~mode=flat~days=9999
13
14	It appears as the net is getting hit with these all over. I would guess
15	this is a very early stage of some kind of new worm/exploit in the
16	works. What is more, it appears to have the ability to pass some NAT
17	boxes by tricking them into replying back to the source.
18
19	If you're not already doing so, I recommend to disable password
20	interactive login and enforce key only logins. This will prevent some
21	of the ssh exploits, brute-force attacks, and general script kiddies.
22
23	And as always, upgrade to the latest version of OpenSSH/OpenSSL.
24	- --
25	Greg Watson
26	http://www.linuxlogin.com
27	GnuPG Key: http://www.linuxlogin.com/gpg_key.pub
28	-----BEGIN PGP SIGNATURE-----
29	Version: GnuPG v1.2.4 (GNU/Linux)
30	Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
31
32	iD8DBQFBBoMk0stmTYtmfxsRAgEtAJ4xX4NUhVY1TrQ2sLVw2VOH3/02KACgiOak
33	7fJRiR57F4RbRZQflDbIVqs=
34	=r4zY
35	-----END PGP SIGNATURE-----
36
37	--
38	gentoo-security@g.o mailing list

Subject	Author
Re: [gentoo-security] new ssh worm?	Gary Nichols <gary@××××××××××.org>
Re: [gentoo-security] new ssh worm?	Mark Guertin <guertin@××××××××××××××.com>
Re: [gentoo-security] new ssh worm?	Andrew Gaffney <agaffney@×××××××××××.com>
Re: [gentoo-security] new ssh worm?	Tim Igoe <tim@×××××××.uk>
Re: [gentoo-security] new ssh worm?	Robert Sanders <rob-lists@××××××××.com>
Re: [gentoo-security] new ssh worm?	Viktors Rotanovs <Viktors@××××××××.com>