Dude not that I know of, I asked around, and bio, said crt32 I think it was takes a while to break it, but he didn't know if it was a worm... Only problem when asking questions when everyone is work, noone is about.
iron saTan ----- Original Message ----- From: "Colin McKinnon" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 26, 2001 1:51 PM Subject: [scottish] SSH worm? > Hi, > > Am I the only one to be seeing lots of hits on my ssh ports from Linux > boxes? I got absolutely hammered by a machine belonging to an ISP yesterday > - 50+ hits/second - so much so that I re-wrote my guard-bot. They seem to > have unplugged the box since I phoned them - they promised to call back but > never have done. > > Since then I've been seeing intermittent hits (but no bursts). I saw the > warning re ssh vulnerabilities but I though this only affected which hosts > users connected from (surely nobody would only use the IP address/host key > as authentication?). I suppose this would still allow someone to mount a > dictionary attack where password authentication was enabled. > > ....or am I missing something? > > If there's any SSH/security gurus out there....if I've compiled against the > tcp-wrappers library does this bug affect access controls implemented with > hosts.allow/deny or is it just in the > > Colin > > -------------------------------------------------------------------- > http://www.lug.org.uk http://www.linuxportal.co.uk > http://www.linuxjob.co.uk http://www.linuxshop.co.uk > -------------------------------------------------------------------- > -------------------------------------------------------------------- http://www.lug.org.uk http://www.linuxportal.co.uk http://www.linuxjob.co.uk http://www.linuxshop.co.uk --------------------------------------------------------------------
