[NBLUG/talk] openssh exploit?

Kyle Rankin kyle at nblug.org
Tue Sep 16 11:36:01 PDT 2003


On Tue, Sep 16, 2003 at 11:31:05AM -0700, Scott Doty wrote:
> On Tue, Sep 16, 2003 at 10:41:33AM -0700, Mitch Patenaude wrote:
> > According to the buzz (Slashdot and the full disclosure list), there is 
> > an active exploit in the wild -- a worm.  Several ISPs have starting 
> > blocking port 22 both because of root exploits on their servers, and 
> > because the worm actively makes MANY connection requests looking for 
> > the right offset, creating a DOS.
> 
> Question:  how can one determine if a system has the worm?
> 
>  -Scott

Until there is definitive information that a worm does exist, and perhaps
example code and/or analysis of the worm, there's no real way of telling.
Apparently there are reports that the worm uses a lot of bandwidth trying
to spread, but again, nothing confirmed.

-- 
Kyle Rankin
NBLUG President
The North Bay Linux Users Group
http://nblug.org
IRC: greenfly at irc.freenode.net #nblug 
kyle at nblug.org



More information about the talk mailing list