Re: ssh trojaned

From: loki_at_private
Date: Mon Aug 05 2002 - 08:51:41 PDT

Next message: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"

Previous message: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
In reply to: Nick Lange: "Re: Re: ssh trojaned"
Maybe reply: wozzat_private: "Re: Re: ssh trojaned"
Maybe reply: kevinat_private: "RE: Re: ssh trojaned"
Reply: Nick Lange: "Re: ssh trojaned"
Reply: Joakim Andersson: "Re: ssh trojaned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

On Mon, Aug 05, 2002 at 09:02:38AM -0500, Nick Lange wrote:
> From: "Nick Lange" <nicklangeat_private>
> To: <vuln-devat_private>
> Subject: Re: Re: ssh trojaned
> Date: Mon, 5 Aug 2002 09:02:38 -0500
> X-Mailer: Microsoft Outlook Express 5.50.4807.1700
            ^^^^^^^^^^^^^^^^^^^^^^^^^
	    Warning: You are using software from Microsoft.

> or perhaps, if I am mirror A have a watchdog script compare my md5 sum to
> every other md5 sum accross the mirrors, and take some action should the
> ratio of unmatching MD5's falls below a certain percentage...

that would not work because a smart attackor would serve the correct
file and hash to the watchdog scripts, iss.com, and so on and
serve the trojaned file to presumedly unsuspecting victims only.
iirc, the trojaned version of epic was served to specific ip ranges
only.

--loki

Next message: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
Previous message: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
In reply to: Nick Lange: "Re: Re: ssh trojaned"
Maybe reply: wozzat_private: "Re: Re: ssh trojaned"
Maybe reply: kevinat_private: "RE: Re: ssh trojaned"
Reply: Nick Lange: "Re: ssh trojaned"
Reply: Joakim Andersson: "Re: ssh trojaned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 05 2002 - 10:11:16 PDT