OpenSSH 3.7 barusan dirilis utk mengatasi masalah ini - http://www.openssh.org SOL.
regards, -HS On 16/09/2003 at 11:27 PM [EMAIL PROTECTED] wrote: >----------------------->8------------------------------------------- > >christopher neitzert [EMAIL PROTECTED] >Mon, 15 Sep 2003 13:48:34 -0400 > >--=-sz+BJAPCz1yL37OtGOWm >Content-Type: text/plain >Content-Transfer-Encoding: quoted-printable > >More on this; > >The systems in question are FreeBSD, RedHat, Gentoo, and Debian all >running the latest versions of OpenSSH. > >The attack makes an enormous amount of ssh connections and attempts >various offsets until it finds one that works permitting root login. > >I have received numerous messages from folks requesting anonymity or >direct-off-list-reply confirming this exploit; > >The suggestions I have heard are: > >Turn off SSH and > >1. upgrade to lsh. > >or > >2. add explicit rules to your edge devices allowing ssh from only-known >hosts. > >or > >3. put ssh behind a VPN on RFC-1918 space. > >thanks. -- Kampanye open-source Indonesia - http://www.DariWindowsKeLinux.com Solusi canggih, bebas ikatan, dan bebas biaya -- Berhenti langganan: [EMAIL PROTECTED] Arsip dan info: http://linux.or.id/milis.php
