All versions of ssh up to 3.4 are open to the ssh vulnerability in question. 3.1 vanilla ships with 3.2, I believe...
-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf Of Bruno Saverio Delbono
Sent: 11 November 2002 22:49
To: Jon Quiros; misc@openbsd.org
Subject: Re:

At 05:34 PM 11/11/2002 -0500, Jon Quiros wrote:
>I got back from a trip last night and noticed a new user in my passwd
Neat. A hacker! :-)...stupid one too :P
>koped:*:1010:10:Mr. Kopad Koped:/home/koped:/bin/csh
>these are the connections i see the person made (as koped):
He never cleaned the /var/log for his trace? Interesting...
>Nov 9 13:39:13 tlaloc sshd[10102]: Accepted password for koped from
>I also see this for one of the addresses in authlog:
I get a hundred of these a day at times. I wonder who would want to brute-force via ssh (*sigh*)
>Does it look like
>a) a brute force attack to ssh right when i set pf to allow ssh
No.
>b) could i have been compromised through the then unpatched smrsh
You need a local account for this.
>c) i haven't the nearest clue but you can help me see things i'm not
I may go as far as to suggest that they may have tried to get in via ssh. See http://online.securityfocus.com/bid/5093
I think vanilla 3.1 is vulnerable to this.
Also see http://blow.packetfu.org:1337/hnd.html
Bruno

Received on Mon Nov 11 18:10:18 2002
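One way to test question (a) against authlog, as an added example that is not part of the original thread: count the failed password attempts that precede each accepted login, so a first-try login to an account nobody expected stands apart from a guessed password. The log lines, addresses, PIDs, the `known_users` baseline and the function names are all constructed for illustration, and the sshd message formats matched by the regex are an assumption.

```python
import re
from collections import Counter

# Constructed sample in sshd syslog format (documentation IP ranges, invented PIDs).
SAMPLE_AUTHLOG = """\
Nov  9 13:12:01 host1 sshd[20011]: Failed password for root from 198.51.100.7 port 4021 ssh2
Nov  9 13:12:04 host1 sshd[20013]: Failed password for illegal user admin from 198.51.100.7 port 4023 ssh2
Nov  9 13:12:09 host1 sshd[20015]: Failed password for root from 198.51.100.7 port 4030 ssh2
Nov  9 13:40:00 host1 sshd[20102]: Accepted password for koped from 203.0.113.44 port 3310 ssh2
Nov  9 14:02:40 host1 sshd[20140]: Failed password for jon from 192.0.2.15 port 1188 ssh2
Nov  9 14:02:51 host1 sshd[20140]: Accepted password for jon from 192.0.2.15 port 1188 ssh2
"""

# Assumed formats: "Accepted|Failed password for [illegal|invalid user ]NAME from ADDR"
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<src>\S+)"
)

def triage(authlog_text, known_users):
    """Return one finding per accepted login, with the failures that preceded it."""
    fails_user, fails_src = Counter(), Counter()  # failures seen so far
    findings = []
    for line in authlog_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        user, src = m["user"], m["src"]
        if m["result"] == "Failed":
            fails_user[user] += 1
            fails_src[src] += 1
            continue
        findings.append({
            "user": user,
            "src": src,
            "prior_failures_for_user": fails_user[user],
            "prior_failures_from_src": fails_src[src],
            "unknown_account": user not in known_users,
        })
    return findings

def first_try_unknown_logins(findings):
    """Accepted logins to unexpected accounts with no guessing beforehand."""
    return [f for f in findings if f["unknown_account"]
            and f["prior_failures_for_user"] == 0 and f["prior_failures_from_src"] == 0]

if __name__ == "__main__":
    for f in triage(SAMPLE_AUTHLOG, known_users={"root", "jon"}):
        print(f)
```

A finding returned by `first_try_unknown_logins` means the password was known to whoever logged in, which points the investigation at how the account was created rather than at password guessing.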