On Tue, May 19, 2009 at 10:29 PM, Keiran Smith <affix@xxxxxxxxxxxxxxxxx> wrote: > Hey Mike, > > That is a very interesting find to me personally. System and Software > Security is something I have great interest in. I am a security advisor in a > datacenter in the UK. However the article > http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt says this is a > very severe attack although the possibility of a sucessful attack is Very > low. But you can never be too careful about these things. > Software vendors may be getting more technicologically advanced but so are > exploit coders. For example PHP addslashes() was added to stop SQL Injection > exploits by adding a slash to every quotation. Attackers realised PHP didnt > parse HEX code but mySQL Server did. This makes me wonder if The posibility > of an attack using this vulnerability is fairly high rather than low. > > On Tue, May 19, 2009 at 5:49 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: >> >> If y'all see an ssh session dropping constantly (like, 11356 times :) let >> me know. >> >> http://www.openssh.com/txt/cbc.adv >> >> -Mike >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > > -- > Keiran Smith > - Fedora Ambassador / BugZapper - <affix@xxxxxxxxxxxxxxxxx> > - Free Software Foundation Associate - <keiran.smith@xxxxxxxxxxxxxx> > - http://keiran-smith.net > - Call me on +44 (0) 131 208 4347 > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > I use iptables "recent" module as well the "limit" modules to handle the sustained brute-force attempts on a box that I manage. Maybe, it could help in delaying this attack - although, I don't understand the technical details of the exploit other than the "an attacker would expect around 11356 connection-killing attempts before they are likely to succeed" part. Didar _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
