Date: Tue, 9 Jan 2018 10:25:23 -0500
From: Mike Tancsa <mike@sentex.net>
To: byrnejb@harte-lyne.ca, freebsd-questions@freebsd.org
Subject: Re: Meltdown – Spectre
Message-ID: <f8562fa2-d0b5-9a79-6fb4-fde38a5efdee@sentex.net>
In-Reply-To: <3037cb3560fe970cdfb789a265faf21b.squirrel@webmail.harte-lyne.ca>
References: <3037cb3560fe970cdfb789a265faf21b.squirrel@webmail.harte-lyne.ca>

On 1/9/2018 9:38 AM, James B. Byrne via freebsd-questions wrote:
> I have read some accounts which seem to imply that the rate of ssh
> attacks measurably increased following the announcement of these two
> flaws. The implication being that there was some cause and effect
> relationship. I cannot fathom what this could be.

They are up, but I suspect it's the normal uptick post holidays. Here is
a pretty well sampled view of scanning

https://isc.sans.edu/port.html?port=22

I seem to recall similar trends in previous years.

> if only authorized software is permitted to run therein, then how much
> of a threat does this development pose to such?

Well, it's hard to say and I guess it depends who the attackers are and
what their goals are. If it's opportunistic bots just hammering away in
brute force at your perimeter, it's one thing. If it's someone trying to
figure out how to get access to your internal network, that's another.
Breaches of the latter I think will often be chained. e.g. use a broken
web facing app to allow the attacker to upload and execute arbitrary
code. That code then can work on exploiting other, local
vulnerabilities including meltdown/spectre. In that sense, it's another
(serious) local priv escalation issue to worry about.

>
> It seems to me that public 'cloud' environments are where this sort of
> stuff would find its most vulnerable targets. Private data systems
> are no more likely to succumb to attacks along this vector than to any
> other routinely available rootkit. Is that a fair assessment?

I think what Spectre and Meltdown uniquely bring to the table are ways
to attack neighbouring VMs that were previously thought to be relatively
safe. A local root kit was a local root kit. With Meltdown, all the VM
instances are only as safe as the weakest link on that hardware. There
have been bugs in the past that allowed this type of attack, but those
were relatively rare and hard to exploit (IIRC).

	---Mike

--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/