Hi.

On Thu, Dec 25, 2014 at 10:18:11AM -0500, Jerry Stuckle wrote:
> On 12/25/2014 8:54 AM, Andre N Batista wrote:
> > On Wed, Dec 24, 2014 at 11:18:36AM -0500, Jerry Stuckle wrote:
> >> On 12/24/2014 2:01 AM, Danny wrote:
> >>> Hi Bob,
> >>>
> >>> You were right, SFTP, FileZilla and Proftp confused the hell out of me
> >>> ... lol ... I must add in my defense though that I was in a state of
> >>> panic after syslog warned me of an attack by someone during the night
> >>> via ssh ... So I frantically tried to make ssh and Proftp work together
> >>> without reading the online guides properly ...
> >>>
> >>> Sometimes one does stupid things ... lol ...
> >>>
> >>> Thanks for everyone's input ...
> >>>
> >>> Danny
> >>>
> >>
> >> Danny,
> >>
> >> As a side note - don't panic over SSH attacks. Instead, use the right
> >> tools and techniques to secure your systems and let them do their jobs.
> >> Monitor the server to ensure you didn't leave any holes.
> >>
> >> For instance, Fail2ban blocked over 100 IPs from accessing one of my
> >> servers yesterday alone. The attacks keep coming, but none have ever
> >> succeeded.
> >
> > Not surprisingly, I mostly agree with the advice given here, we all
> > learnt from the same sources.
> >
> > Nonetheless, since you claimed to be using PuTTY for your ssh needs on
> > windows, I should warn you that recently someone claimed to be able to
> > use it as a means to compromise a ssh server:
> >
> > http://seclists.org/fulldisclosure/2014/Dec/42
> >
> > I have not put its claims to test, but since the last stable version of
> > putty dates back one year
> >
> > http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
> >
> > and since there seems to be no mention of this bug on putty bug tracking
> > system
> >
> > http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/
> >
> > I guess you should deploy it at large, at least until it has been fixed.
> >
> > Good luck!
> >
>
> It's possible to corrupt ANY program if you replace a .dll or .so with
> your own code.

Indeed. But the program which can be tricked to use your own library
instead of a system one - is called vulnerable usually. I don't mean
LD_PRELOAD or LD_LIBRARY_PATH tricks but something akin to a braindead
Windows behavior (which looks for libraries in a current dir first).

Reco

Archive: https://lists.debian.org/20141225162314.GB5215@x101h
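
The search-order problem discussed in this thread can be audited from the defender's side. The following is an added example, not part of the original messages: it walks an ordered list of directories and reports libraries that resolve from an untrusted directory even though a trusted copy exists. The directory names, file names and search orders are constructed for illustration and are passed in by the caller, not taken from any real loader.

```python
import os
import tempfile
from pathlib import Path


def resolve_library(name, search_order):
    """Return the first directory in search_order holding `name`, else None."""
    wanted = name.lower()  # library names are matched case-insensitively here
    for directory in search_order:
        try:
            entries = os.listdir(directory)
        except OSError:
            continue  # missing or unreadable directory: move to the next one
        if any(entry.lower() == wanted for entry in entries):
            return Path(directory)
    return None


def find_shadowed(names, search_order, trusted_dirs):
    """List (name, winning_dir, trusted_dir) where an untrusted copy wins."""
    trusted = [Path(d) for d in trusted_dirs]
    findings = []
    for name in names:
        hit = resolve_library(name, search_order)
        if hit is None or hit in trusted:
            continue  # not found at all, or resolved from a trusted location
        trusted_copy = resolve_library(name, trusted)
        if trusted_copy is not None:
            findings.append((name, hit.name, trusted_copy.name))
    return findings


def demo():
    """Constructed layout: a 'system' dir and a working dir with a same-named file."""
    with tempfile.TemporaryDirectory() as root:
        system, workdir = Path(root, "system"), Path(root, "downloads")
        system.mkdir()
        workdir.mkdir()
        for path in (system / "crypt.dll", system / "net.dll", workdir / "CRYPT.DLL"):
            path.write_bytes(b"")  # empty placeholder files, constructed sample data
        names = ["crypt.dll", "net.dll"]
        cwd_first = find_shadowed(names, [workdir, system], [system])
        system_first = find_shadowed(names, [system, workdir], [system])
    return cwd_first, system_first


if __name__ == "__main__":
    print(demo())
```

With the working directory searched first, the same-named file there wins over the trusted copy; with the trusted directory first, nothing is reported.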