[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] SSH EXPLOIT IN THE WILD

Subject: Re: [cobalt-users] SSH EXPLOIT IN THE WILD
From: "Mark S Burgunder" <maillist-raq@xxxxxxxxxx>
Date: Thu Sep 18 03:29:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On 9/16/03 2:42 PM, "Paul Warner" wrote:

> SSHD : 68.47.255.231, 216.40.243.26 : spawn (/bin/echo -e "logs\: \n TCP
> Wrappers\: Connection Alert\nBy\:            $(uname -n)\ndate\:
> $(date)\nhostip\:                %a\nhostname\:      %h\nprocess\:
> %d
> (pid %p)\nconnectfrom\:   %c\nsource\:        %h %H\nport\:
> %d\n"|
> /bin/mail -s "Wrappers@$(uname -n)\: %d Connection Alert %c" root ) &
>
> Does that make me paranoid?

This is great. I have put it in my hosts.allow file as well.
I have played around a bit with the IP addresses and read he man pages for
hosts.allow but could not figure out how I would change the above 'line'
so that it always get's executed, no matter what ip address the SSH
connection originates from.

Has anyone an idea what I should put in the ip-address spot to avtivate
this rule always?

Cheers
Mark S Burgunder

Follow-Ups:
- Re: [cobalt-users] SSH EXPLOIT IN THE WILD
  - From: Larry Smith

References:
- Re: [cobalt-users] SSH EXPLOIT IN THE WILD
  - From: Paul Warner
- Re: [cobalt-users] SSH EXPLOIT IN THE WILD
  - From: Dave's List Addy

Prev by Date: [cobalt-users] /var/spool/mail/.forward: World writable directory - Raq3
Next by Date: Re: [cobalt-users] Setting Time on RAQ4
Previous by thread: Re: [cobalt-users] SSH EXPLOIT IN THE WILD
Next by thread: Re: [cobalt-users] SSH EXPLOIT IN THE WILD

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index