On Mon, 2005-09-19 at 14:47 +1200, Pete wrote:
> >>> So that means he was out of date - current-release version for
> >>> openssh is 4.2p1.
> >>>
> >
> > That's right, and the current stable version in portage is 3.9p1, which
> > has a number of patches applied. I have no doubt that if there are any
>
> I'm not exactly sure what you mean when you refer to 'Portage',

http://www.gentoo.org
One of the better packaging tools

> but
> if you are referring to the 'portable' release of openssh, according
> to their web-site, it is V4.2p1 (and it was released Sep 1 2005).
>
> The reason I mentioned the out of date ssh binary was because the
> other linux machine that I recently saw (that had been
> remotely-exploited) was running openssh 3.8p1, and the remote-attacker had
> clearly since been using said machine as a scan-tool looking for
> other machines running this same version (his script specifically
> grepped for "3.8p1") of openssh.

3.8p1 built by whom and with what patches applied?

> In the above instance, the attacker almost certainly came in via an
> sshd exploit (there were no other services listening, the root
> password was known to no-one etc).
>
> Anyway, that's enough said about that - for now I keep ssh on a
> non-standard port and seem to avoid 99.99% of the scans.

Strange, most experts seem to disclaim "security through obscurity".

> And I keep it up
> to date too, of course ;)
>
> Regards,
> Pete
