From: | Greg Watson <gwatson@××××××××××.com> |
---|---|
To: | gentoo-security@l.g.o |
Subject: | [gentoo-security] new ssh worm? |
Date: | Tue, 27 Jul 2004 16:31:29 |
Message-Id: | 41068336.5050300@linuxlogin.com |
4 | Over the past few days I've noticed many attempts from different sources |
5 | trying to log in on ssh via guest/test/admin/etc. accounts. Looking |
6 | further into the matter I found SANS is looking for information too. |
7 | |
8 | http://www.incidents.org/diary.php?date=2004-07-23 |
9 | http://www.incidents.org/diary.php?date=2004-07-25 |
10 | |
11 | and more information here: |
12 | http://www.dslreports.com/forum/remark,10854834~mode=flat~days=9999 |
13 | |
14 | It appears as if the net is getting hit with these all over. I would guess |
15 | this is a very early stage of some kind of new worm/exploit in the |
16 | works. What is more, it appears to have the ability to pass some NAT |
17 | boxes by tricking them into replying back to the source. |
18 | |
19 | If you're not already doing so, I recommend disabling password |
20 | interactive login and enforcing key-only logins. This will prevent some |
21 | of the ssh exploits, brute-force attacks, and general script kiddies. |
22 | |
23 | And as always, upgrade to the latest version of OpenSSH/OpenSSL. |
24 | -- |
25 | Greg Watson |
26 | http://www.linuxlogin.com |
27 | GnuPG Key: http://www.linuxlogin.com/gpg_key.pub |
36 | |
37 | -- |
38 | gentoo-security@g.o mailing list |
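
The pattern reported above (many sources failing password logins against generic account names) can be pulled out of sshd logs with a short script. This is an added example, not part of the original post; the log lines are constructed, use documentation addresses, and assume the OpenSSH "Failed password for ..." message format.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation addresses, not real data).
# "illegal user" is the wording of 2004-era OpenSSH; newer releases log "invalid user".
SAMPLE_LOG = """\
Jul 27 03:11:02 host sshd[2101]: Illegal user test from 192.0.2.10
Jul 27 03:11:04 host sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Jul 27 03:11:07 host sshd[2104]: Failed password for illegal user guest from 192.0.2.10 port 40115 ssh2
Jul 27 03:11:09 host sshd[2107]: Failed password for admin from 192.0.2.10 port 40119 ssh2
Jul 27 05:42:30 host sshd[2290]: Failed password for invalid user guest from 198.51.100.7 port 51822 ssh2
Jul 27 05:42:33 host sshd[2293]: Failed password for invalid user test from 198.51.100.7 port 51830 ssh2
Jul 27 09:15:44 host sshd[2410]: Failed password for alice from 203.0.113.5 port 60210 ssh2
Jul 27 09:15:58 host sshd[2410]: Accepted publickey for alice from 203.0.113.5 port 60210 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def failed_logins(log_text):
    """Yield (user, source) for every failed password attempt in the log."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m.group("user"), m.group("src")

def guessing_sources(log_text, min_users=2):
    """Map source -> sorted usernames tried, for sources that failed against
    at least min_users distinct accounts (the pattern the post describes)."""
    tried = defaultdict(set)
    for user, src in failed_logins(log_text):
        tried[src].add(user)
    return {src: sorted(users) for src, users in tried.items()
            if len(users) >= min_users}

def targeted_accounts(log_text):
    """Map username -> number of distinct sources that failed against it."""
    sources = defaultdict(set)
    for user, src in failed_logins(log_text):
        sources[user].add(src)
    return {user: len(srcs) for user, srcs in sources.items()}

if __name__ == "__main__":
    for src, users in guessing_sources(SAMPLE_LOG).items():
        print(f"{src}: {', '.join(users)}")
    print(targeted_accounts(SAMPLE_LOG))
```

A single mistyped password from a legitimate user (alice in the sample) stays below the `min_users` threshold, while a source cycling through guest/test/admin is reported.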