Re: [Leaf-user] An ssh attack against ESb2
Good idea. When I set this up, I was in my 'textbook' phase. I could probably afford to get a little fancier now.

-John

--- Simon Bolduc [EMAIL PROTECTED] wrote:

> Another thing you can do is to have SSH listen on a port other than 22. I moved mine up into the 2 range. Most people scan only on well known ports (FTP, WWW, SSH, SMTP, etc) so if they don't find anything they move on, plenty of vulnerable systems out there, why waste time scanning one that doesn't appear to be online, and if it is, it is probably well protected.
>
> S
>
> > From: John Desmond [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED], LEAF User List [EMAIL PROTECTED]
> > Subject: Re: [Leaf-user] An ssh attack against ESb2
> > Date: Thu, 14 Feb 2002 12:24:36 -0800 (PST)
> >
> > Right you are. And I just tightened it up to only the one external location I really want to access it from. Too bad that newer OpenSSL is *so-o-o* big. I can't fit it.
> >
> > -John
> >
> > --- Glenn A. Thompson [EMAIL PROTECTED] wrote:
> >
> > > hey:
> > >
> > > Jeff Newmiller wrote:
> > >
> > > > On Sun, 27 Jan 2002, John Desmond wrote:
> > > >
> > > > > I just picked the following off my ESbeta2 a few minutes ago. It claims a crc32 compensation attack was made against it. It went on for about 1/2 hour. Is it significant that the source port changes with every connection attempt?
> > > > >
> > > > > I have sshd set up to receive connections from two external IPs (EXTERN_TCP_PORTS=0/0_ssh 2 locations
> > >
> > > Doesn't 0/0_ssh mean that the whole world can connect to port 22 not just two hosts?
> > >
> > > Glenn

Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] An ssh attack against ESb2
Right you are. And I just tightened it up to only the one external location I really want to access it from. Too bad that newer OpenSSL is *so-o-o* big. I can't fit it.

-John

--- Glenn A. Thompson [EMAIL PROTECTED] wrote:

> hey:
>
> Jeff Newmiller wrote:
>
> > On Sun, 27 Jan 2002, John Desmond wrote:
> >
> > > I just picked the following off my ESbeta2 a few minutes ago. It claims a crc32 compensation attack was made against it. It went on for about 1/2 hour. Is it significant that the source port changes with every connection attempt?
> > >
> > > I have sshd set up to receive connections from two external IPs (EXTERN_TCP_PORTS=0/0_ssh 2 locations
>
> Doesn't 0/0_ssh mean that the whole world can connect to port 22 not just two hosts?
>
> Glenn
Re: [Leaf-user] An ssh attack against ESb2
Another thing you can do is to have SSH listen on a port other than 22. I moved mine up into the 2 range. Most people scan only on well known ports (FTP, WWW, SSH, SMTP, etc) so if they don't find anything they move on, plenty of vulnerable systems out there, why waste time scanning one that doesn't appear to be online, and if it is, it is probably well protected.

S

From: John Desmond [EMAIL PROTECTED]
To: [EMAIL PROTECTED], LEAF User List [EMAIL PROTECTED]
Subject: Re: [Leaf-user] An ssh attack against ESb2
Date: Thu, 14 Feb 2002 12:24:36 -0800 (PST)

> Right you are. And I just tightened it up to only the one external location I really want to access it from. Too bad that newer OpenSSL is *so-o-o* big. I can't fit it.
>
> -John
>
> --- Glenn A. Thompson [EMAIL PROTECTED] wrote:
>
> > hey:
> >
> > Jeff Newmiller wrote:
> >
> > > On Sun, 27 Jan 2002, John Desmond wrote:
> > >
> > > > I just picked the following off my ESbeta2 a few minutes ago. It claims a crc32 compensation attack was made against it. It went on for about 1/2 hour. Is it significant that the source port changes with every connection attempt?
> > > >
> > > > I have sshd set up to receive connections from two external IPs (EXTERN_TCP_PORTS=0/0_ssh 2 locations
> >
> > Doesn't 0/0_ssh mean that the whole world can connect to port 22 not just two hosts?
> >
> > Glenn
Re: [Leaf-user] An ssh attack against ESb2
hey:

Jeff Newmiller wrote:

> On Sun, 27 Jan 2002, John Desmond wrote:
>
> > I just picked the following off my ESbeta2 a few minutes ago. It claims a crc32 compensation attack was made against it. It went on for about 1/2 hour. Is it significant that the source port changes with every connection attempt?
> >
> > I have sshd set up to receive connections from two external IPs (EXTERN_TCP_PORTS=0/0_ssh 2 locations

Doesn't 0/0_ssh mean that the whole world can connect to port 22 not just two hosts?

Glenn

> > and hosts.allow is ALL:192.168.1.0/255.255.255.0,2 locations) and this isn't one of them. Are there any extra steps I should take to protect my internal home network?
>
> DENY all port 22 access through the external interface until you have confirmed that you are not vulnerable. I don't know if there is an ssh v1.2.32 LRP file, but I think Jacques Nilo's OpenSSH is up to date.
>
> Read http://www.kb.cert.org/vuls/id/945216
>
> [...]
>
> ---
> Jeff Newmiller
> DCN: [EMAIL PROTECTED]
> Research Engineer (Solar/Batteries/Software/Embedded Controllers)
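Glenn's question about `0/0_ssh`, as an added example that is not part of the thread or of LEAF itself: a POSIX shell check that lists which `EXTERN_TCP_PORTS` entries are open to every source address. It assumes each space-separated entry has the form `source/mask_port` and that a zero mask matches any source; the function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an EXTERN_TCP_PORTS-style value.
# Assumption: entries look like "source/mask_port"; a mask of 0 (or 0.0.0.0)
# matches every source address, so "0/0_ssh" exposes ssh to the whole Internet.

# classify_entry ENTRY
# prints "world PORT", "restricted SOURCE/MASK PORT" or "malformed ENTRY"
classify_entry() {
    entry=$1
    case $entry in
        */*_*) ;;                                  # has both "/" and a later "_"
        *) echo "malformed $entry"; return 0 ;;
    esac
    src=${entry%%_*}       # text before the first underscore: source/mask
    port=${entry#*_}       # text after it: service name or port number
    mask=${src#*/}         # text after the slash: the mask
    if [ -z "$port" ] || [ -z "${src%%/*}" ] || [ -z "$mask" ]; then
        echo "malformed $entry"; return 0
    fi
    case $mask in
        0|0.0.0.0) echo "world $port" ;;           # any source may connect
        *)         echo "restricted $src $port" ;; # only the listed source
    esac
}

# world_open_ports "ENTRY ENTRY ..."
# prints the space-separated ports that any source address can reach
world_open_ports() {
    open=
    for e in $1; do
        r=$(classify_entry "$e")
        case $r in
            "world "*) open="${open:+$open }${r#world }" ;;
        esac
    done
    echo "$open"
}

# Constructed sample values: the setting quoted in the thread, and a tightened
# form limited to one host (documentation address, not from the thread).
for value in "0/0_ssh" "192.0.2.10/32_ssh"; do
    printf '%-20s world-open ports: [%s]\n' "$value" "$(world_open_ports "$value")"
done
```

A non-empty result for a service that is meant to be limited to a few hosts means the packet filter is not doing the limiting, and only `hosts.allow` stands between the Internet and the daemon.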
Re: [Leaf-user] An ssh attack against ESb2
At 20:42 27/01/02 -0800, Jeff Newmiller wrote:

> I don't know if there is an ssh v1.2.32 LRP file, but I think Jacques Nilo's OpenSSH is up to date.

I think you're right. sshd -h tells me (amongst other things)

sshd version OpenSSH_3.0p1

Following the link you gave, http://www.kb.cert.org/vuls/id/JPLA-53TPWS says the vulnerability was fixed in OpenSSH 2.3.0

cheers
Julian

--
[EMAIL PROTECTED] www.ljchurch.co.uk
Re: [Leaf-user] An ssh attack against ESb2
> At 20:42 27/01/02 -0800, Jeff Newmiller wrote:
>
> > I don't know if there is an ssh v1.2.32 LRP file, but I think Jacques Nilo's OpenSSH is up to date.
>
> I think you're right. sshd -h tells me (amongst other things)
>
> sshd version OpenSSH_3.0p1

In fact the latest available Openssh LEAF package is now 3.0.2p1. Check: http://leaf.sourceforge.net/devel/jnilo

Jacques
Re: [Leaf-user] An ssh attack against ESb2
On Sun, 27 Jan 2002, John Desmond wrote:

> I just picked the following off my ESbeta2 a few minutes ago. It claims a crc32 compensation attack was made against it. It went on for about 1/2 hour. Is it significant that the source port changes with every connection attempt?
>
> I have sshd set up to receive connections from two external IPs (EXTERN_TCP_PORTS=0/0_ssh 2 locations and hosts.allow is ALL:192.168.1.0/255.255.255.0,2 locations) and this isn't one of them. Are there any extra steps I should take to protect my internal home network?

DENY all port 22 access through the external interface until you have confirmed that you are not vulnerable. I don't know if there is an ssh v1.2.32 LRP file, but I think Jacques Nilo's OpenSSH is up to date.

Read http://www.kb.cert.org/vuls/id/945216

[...]

---
Jeff Newmiller
DCN: [EMAIL PROTECTED]
Research Engineer (Solar/Batteries/Software/Embedded Controllers)