[TriLUG] SSH Probing...

Dan Chen crimsun at email.unc.edu
Wed Mar 13 16:56:27 EST 2002


On Wed, Mar 13, 2002 at 08:27:02AM -0500, Steve wrote:
> Don't know if any of you have noticed this or not, but over the last few months
> I have started to get hackers probing my SSH port on my Linux box on my cable
> modem.  There must be some kind of SSH exploit that they are looking for..

It's even worse if you're connected to ircds 24/7; they're teeming with
kiddies. ;) From my logs I'm scanned every twenty minutes or so from
unique blocks.

The last five or so bullets on http://www.openssh.com/security.html
list the most common ones. I simply -j DROP (iptables) any packet
incoming on 22(tcp/udp) unless it originates from a set of trusted
machines. On most current distros the zlib vuln is easily corrected by
upgrading zlib, since ssh/d rely on the shared lib.

-- 
Dan Chen                 crimsun at email.unc.edu
GPG key:   www.unc.edu/~crimsun/pubkey.gpg.asc
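
The allowlist approach described in the message above, sketched as an added example that is not part of the original post: a script that prints iptables commands accepting port 22 (tcp/udp) only from trusted sources and dropping everything else. The chain name `SSH_TRUSTED`, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): emit iptables commands that drop
# port 22 traffic unless the source is in a trusted set. Prints only; review
# the output, then run it as root.
# Constructed sample addresses (RFC 5737 documentation ranges).
TRUSTED="192.0.2.10 198.51.100.0/24"

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /0-32 prefix.
valid_ipv4() {
    addr=${1%/*}
    case "$1" in
        */*) len=${1#*/}
             case "$len" in ''|*[!0-9]*) return 1 ;; esac
             [ "$len" -le 32 ] || return 1 ;;
    esac
    case "$addr" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule set for the sources given as arguments. Refuses to print
# anything if the list is empty or has a bad entry, so a typo cannot silently
# leave the admin's own machine outside the allowlist.
ssh_allowlist_rules() {
    [ $# -gt 0 ] || { echo "no trusted sources given" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Hypothetical chain name; keeps the allowlist apart from other INPUT rules.
    echo "iptables -N SSH_TRUSTED"
    echo "iptables -A INPUT -p tcp --dport 22 -j SSH_TRUSTED"
    echo "iptables -A INPUT -p udp --dport 22 -j SSH_TRUSTED"
    for src in "$@"; do
        echo "iptables -A SSH_TRUSTED -s $src -j ACCEPT"
    done
    # Anything that reaches the end of the chain is not trusted.
    echo "iptables -A SSH_TRUSTED -j DROP"
}

ssh_allowlist_rules $TRUSTED
```

Because the jump rules are appended with `-A`, an earlier INPUT rule that already accepts port 22 would still match first; check the existing rule order before applying the output.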