Date: Fri, 30 Nov 2001 09:01:25 -0700
From: Brett Glass <brett@lariat.org>
To: <bsd-sec@boneyard.lawrence.ks.us>, freebsd-security@FreeBSD.ORG
Subject: Re: sshd exploit
Message-ID: <4.3.2.7.2.20011130084920.042827e0@localhost>
In-Reply-To: <Pine.BSF.4.10.10111300105070.99377-100000@madeline.boneyard.lawrence.ks.us>
References: <20011129012235.U6446-100000@achilles.silby.com>

At 12:30 AM 11/30/2001, bsd-sec@boneyard.lawrence.ks.us wrote:

>Perhaps so. However, at the university department where I work, RH Linux lab
>machines running both 2.5.x and 2.9.x versions of OpenSSH were indeed
>compromised while running ssh version 1. The only other services with
>externally available ports were portmap and syslogd.

Interesting. Any way we can do a postmortem analysis to determine
whether sshd was the weak link?

While I wouldn't suggest that people panic, I am concerned about
intrusions even though all of my FreeBSD boxen are now running
3.0.1p1. We have several people with SSHv1 clients who send and
receive e-mail from the road via port forwarding. We need to keep
a secure (at least as much as the protocol allows) SSHv1 server
running. So, we're doing VERBOSE logging and watching for suspicious
activity.

--Brett Glass