Re: [cobalt-users] SSH EXPLOIT IN THE WILD
- Subject: Re: [cobalt-users] SSH EXPLOIT IN THE WILD
- From: "Paul Warner" <pwarner@xxxxxxxxxxxxxxxxxx>
- Date: Tue Sep 16 12:43:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
>
> Hosts.allow >>
> #
> # hosts.allow This file describes the names of the hosts which are
> # allowed to use the local INET services, as decided
> # by the '/usr/sbin/tcpd' server.
> #
> SSHD: 123.123.123.123
> in.telnetd: 123.123.123.123
>
> On the hosts.deny >>
>
I use (watch the wrap - it's one line) to email notice of connections as
well as filtering via hosts.deny/allow and ipchains rules:
SSHD : 68.47.255.231, 216.40.243.26 : spawn (/bin/echo -e "logs\: \n TCP Wrappers\: Connection Alert\nBy\: $(uname -n)\ndate\: $(date)\nhostip\: %a\nhostname\: %h\nprocess\: %d (pid %p)\nconnectfrom\: %c\nsource\: %h %H\nport\: %d\n"| /bin/mail -s "Wrappers@$(uname -n)\: %d Connection Alert %c" root ) &
Does that make me paranoid?
--P
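
Added example, not part of the original message or of tcp_wrappers itself: a small evaluator for the hosts.allow / hosts.deny decision order from hosts_access(5), showing that an allow list like the one quoted above only restricts access when hosts.deny also matches everyone else. It assumes a simplified rule syntax (ALL, literal IPv4 addresses, address prefixes ending in ".", net/mask; no hostnames, EXCEPT or IPv6), and the "ALL: ALL" deny rule is constructed for the example.

```python
import ipaddress

def parse_rules(text):
    """Return [(daemon_list, client_list)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.replace("\\\n", "").splitlines():  # backslash-newline joins lines
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are separated by unescaped ':'; options after the client
        # list (such as spawn) do not take part in matching.
        fields = line.replace("\\:", "\0").split(":")
        if len(fields) >= 2:
            rules.append(tuple([t.lower() for t in f.replace(",", " ").split()]
                               for f in fields[:2]))
    return rules

def client_matches(pattern, ip):
    if pattern == "all":
        return True
    if pattern.endswith("."):            # address prefix, e.g. "192.168."
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip                 # literal address

def first_match(rules, daemon, ip):
    # Daemon names are compared case-insensitively in this example.
    for daemons, clients in rules:
        if ("all" in daemons or daemon.lower() in daemons) and \
           any(client_matches(c, ip) for c in clients):
            return True
    return False

def decide(daemon, ip, allow_text, deny_text):
    """hosts_access(5) order: allow file, then deny file, else grant."""
    if first_match(parse_rules(allow_text), daemon, ip):
        return (True, "hosts.allow")
    if first_match(parse_rules(deny_text), daemon, ip):
        return (False, "hosts.deny")
    return (True, "no rule matched")

ALLOW = "SSHD: 123.123.123.123\nin.telnetd: 123.123.123.123\n"  # rules quoted in the thread
DENY = "ALL: ALL\n"                                             # constructed catch-all

if __name__ == "__main__":
    for ip in ("123.123.123.123", "203.0.113.9"):
        print(ip, decide("sshd", ip, ALLOW, DENY), decide("sshd", ip, ALLOW, ""))
```

With an empty hosts.deny the unlisted address is still granted access, which is the case to check for on a box that relies on hosts.allow alone.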