On Monday, June 24, 2002, at 11:20 PM, David B Harris wrote:
We have no way of being sure, since the nature of the exploit and the
specifics aren't being told.
However, supposedly, you need to be able to talk to the sshd in order to
exploit it. So if nothing (or nothing malicious) can open a connection,
you're fine.
Does the tcp_wrapper use in openssh work that way? It's not like ssh is
running from inetd first being passed through tcpd. I'm just using the
builtin tcpwrapper support of openssh, so I would guess that that means
technically, sshd is handling the request long enough to at least see
what ip it is coming from. May be time to modify my firewall rules.
argh! Of course maybe that won't even help. Of course we don't know
because openbsd is keeping a tight lip, but potentially maybe someone
could craft a malicious packet that appears to come from one of the
trusted ips??
--
Paul Baker
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, 1759
GPG Key: http://homepage.mac.com/pauljbaker/public.asc
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]