Re: Re: ssh trojaned

From: Jonas Anden (dajudgeat_private)
Date: Mon Aug 05 2002 - 10:27:09 PDT

Next message: Blue Boar: "[Fwd: In regards to ... http://online.securityfocus.com/bid/5382]"

Previous message: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
In reply to: Nick Lange: "Re: Re: ssh trojaned"
Reply: Tan Wee Yeh: "Re: Re: ssh trojaned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> or perhaps, if I am mirror A have a watchdog script compare my md5 sum to
> every other md5 sum accross the mirrors, and take some action should the
> ratio of unmatching MD5's falls below a certain percentage...

Should the published MD5 sum of a file I have mirrored be different on
*ANY* of the other mirrors (or the primary site) be different from the
calculated MD5 sum of my file, all sorts of bells and whistles should go
off. Something is wrong; either my copy or their copy is bad. Either
way, something needs to be done about it.

Such a scheme would have
a) stopped the mirroring of the trojaned ssh package.
b) detected the trojaned ssh package much faster.

  // J

Next message: Blue Boar: "[Fwd: In regards to ... http://online.securityfocus.com/bid/5382]"
Previous message: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
In reply to: Nick Lange: "Re: Re: ssh trojaned"
Reply: Tan Wee Yeh: "Re: Re: ssh trojaned"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 05 2002 - 10:47:17 PDT