On Mon, 24 Jun 2002 23:39:04 -0500 Paul Baker <pbaker@where2getit.com> wrote: > Does the tcp_wrapper use in openssh work that way? It's not like ssh > is running from inetd first being passed through tcpd. I'm just using > the builtin tcpwrapper support of openssh, so I would guess that that > means technically, sshd is handling the request long enough to at > least see what ip it is coming from. May be time to modify my firewall > rules. argh! Of course maybe that won't even help. Of course we don't > know because openbsd is keeping a tight lip, but potentially maybe > someone could craft a malicious packet that appears to come from one > of the trusted ips?? I honestly couldn't tell you. If it's sane, you're fine. TCP_WRAPPERS are supposed to be the first thing that's checked, and given what we know of the nature of the exploit, it seems like the code involved is further on. I could be wrong, though. :) -- ________________________________________________________________________ \ David B. Harris, Systems administrator | http://www.terrabox.com / / eelf@sympatico.ca, elf@terrabox.com | http://eelf.ddts.net \ \======================================================================/ / Clan Barclay motto: Aut agere, aut mori. (Either action, or death.) \ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attachment:
pgpFYAtgQ9Fda.pgp
Description: PGP signature