On Tue, 11 Dec 2001, Gommers, Joep wrote:

> The reason for all the scans on port 22 are not worms, it's the whole
> scriptkiddie world that is scanning your ports for SSH versions:

The reason why I initially suspected worm activity was manifold, but
another reason was that only certain netblocks were apparently targeted.
I haven't seen such concerted scanning occurring on the other netblocks on
which I manage servers.

> Anyway, I suggest you patch ssh to > 3.0.1 (this has a local exploit). Or
> use a telnetd > 0.17.

I wouldn't use telnetd if you bribed me with a thousand redheaded girls,
each with a distinct Irish brogue...(though that would be a good start). ;)

For my own part, on top of upgrading to the latest versions of SSHd, I'm
recommending that folks utilize IPchains or IPFilter to reinforce their
explicitly-defined AllowHosts directives in sshd_config. These measures in
themselves should greatly mitigate both the present (and hopefully,
future) threat of successful remote attack on SSHd.

-Jay

   (    (                                                          _______
   ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
 C|~~|C|~~| (>----- Jay D. Dyson -- jdysonat_private -----<) |    = |-'
  `--' `--'  `---------- Si vis pacem, para bellum. ----------'  `------'
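The layered filtering recommended in the message above, as an added example that is not part of the original post: a shell function that prints ipchains or IPFilter rules admitting SSH only from an allowlist and logging everything else aimed at port 22. The addresses are constructed samples, the names `SSH_ALLOWED`, `valid_source` and `ssh_rules` are hypothetical, and the list is assumed to mirror the hosts already named in sshd's AllowHosts.

```shell
#!/bin/sh
# Added example (not from the original post): emit SSH allowlist rules for
# ipchains or IPFilter from one list, so the packet filter backs up sshd's
# own host restrictions. Addresses are constructed (RFC 5737 ranges).
SSH_ALLOWED="192.0.2.10 198.51.100.0/24"

# Accept only dotted-quad IPv4 with an optional /0-32 prefix length, so a
# typo or stray token never reaches a firewall command line.
valid_source() {
    printf '%s\n' "$1" | grep -Eq \
        '^((25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])(/(3[0-2]|[12]?[0-9]))?$'
}

# ssh_rules FORMAT "LIST": print rules for FORMAT (ipchains or ipf).
# Prints nothing and fails if any entry in LIST is malformed.
ssh_rules() {
    fmt=$1; list=$2
    for src in $list; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    case $fmt in
    ipchains)
        for src in $list; do
            echo "ipchains -A input -p tcp -s $src -d 0.0.0.0/0 22 -j ACCEPT"
        done
        # Appended last: all other traffic to port 22 is dropped and logged (-l).
        echo "ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 22 -j DENY -l"
        ;;
    ipf)
        for src in $list; do
            echo "pass in quick proto tcp from $src to any port = 22 flags S keep state"
        done
        echo "block in log quick proto tcp from any to any port = 22"
        ;;
    *)  echo "unknown format: $fmt" >&2; return 2 ;;
    esac
}

# Print the rules for review only; nothing is loaded into the kernel here.
ssh_rules ipchains "$SSH_ALLOWED"
```

The logged denies also give a record of which sources are probing port 22, which helps compare scanning across netblocks.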
This archive was generated by hypermail 2b30 : Tue Dec 11 2001 - 18:52:30 PST