Re: Help... SSH CRC-32 compensation attack detector vulnerability
What is the patch to plug this hole?
K.
* Jason Lim (maillist@jasonlim.com) wrote:
> Reply-To: "Jason Lim" <maillist@jasonlim.com>
> From: "Jason Lim" <maillist@jasonlim.com>
> To: <debian-isp@lists.debian.org>
> Subject: Help... SSH CRC-32 compensation attack detector vulnerability
> Date: Mon, 3 Dec 2001 09:33:07 +1100
> X-Mailer: Microsoft Outlook Express 6.00.2600.0000
>
> Hi,
>
> sigh... yes... some of our servers have been hit with the "SSH CRC-32
> compensation attack detector vulnerability" attack.
>
> some servers have been compromised, and the usual rootkit stuff (install
> root shells in /etc/inetd.conf, bogus syslogd, haxored ps, etc.).
>
> What is an easy way to locate binaries that are different from the ones
> provided in the original debs?
>
> And is there any other relatively easier way of cleaning up a system that
> has had a rootkit installed?
>
> We've done a netstat -a and removed/killed all strange processes, and
> cleaned inetd.conf as much as we can, but some of the programs in
> inetd.conf have themselves also been tampered with (eg. in.telnetd).
>
> Please help... I have a bad feeling the crackers are coming back real soon
> to really finish off the job... so any help at this time in removing all
> their crap would be greatly appreciated.
>
> Sincerely,
> Jason
>
>
>
#######################################################
Keith Elder
Email: keith@zorka.com
Phone: 1-734-507-1438
Text Messaging (145 characters): mobile@zorka.com
Web: http://www.zorka.com (Howto's, News, and hosting!)
"With enough memory and hard drive space
anything in life is possible!"
#######################################################
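For the question quoted above about locating binaries that differ from the ones shipped in the original debs, here is one approach as an added example that is not part of the original thread. It assumes the packages recorded their file checksums in dpkg's `/var/lib/dpkg/info/*.md5sums` lists; `check_debs` and `make_sample_root` are hypothetical helper names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Compare files on disk with the MD5
# sums dpkg recorded at install time in <root>/var/lib/dpkg/info/*.md5sums.
# Each line in those lists is "<md5>  <path relative to />".
# Pass the root of the suspect filesystem (for example a mount point reached
# from trusted boot media): md5sum and the dpkg database on a compromised
# host may themselves have been tampered with.
check_debs() {
    root=${1:-/}
    for list in "$root"/var/lib/dpkg/info/*.md5sums; do
        [ -f "$list" ] || continue
        pkg=$(basename "$list" .md5sums)
        while read -r sum path; do
            [ -n "$path" ] || continue
            file="$root/$path"
            if [ ! -f "$file" ]; then
                echo "MISSING  $pkg  /$path"
            else
                actual=$(md5sum < "$file" | cut -d' ' -f1)
                [ "$actual" = "$sum" ] || echo "CHANGED  $pkg  /$path"
            fi
        done < "$list"
    done
}

# Constructed sample tree: one intact file and one modified after "install".
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/var/lib/dpkg/info" "$d/bin" "$d/usr/sbin"
    printf 'original ps\n' > "$d/bin/ps"
    printf 'original telnetd\n' > "$d/usr/sbin/in.telnetd"
    ( cd "$d" && md5sum bin/ps > var/lib/dpkg/info/procps.md5sums \
              && md5sum usr/sbin/in.telnetd > var/lib/dpkg/info/telnetd.md5sums )
    printf 'replaced\n' > "$d/usr/sbin/in.telnetd"   # simulate tampering
    echo "$d"
}
```

Called as `check_debs /mnt/suspect`, it prints one line per packaged file that is missing or no longer matches its recorded sum. Files that no package owns are not in these lists, so a clean result does not cover them.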