boot force attack help

Chris Carey chris_carey at yahoo.com
Mon Jul 25 21:36:21 MDT 2005


One thing I noticed with Red Hat 9 and Red Hat 10 was that
the default sshd_config was set to downgrade to SSHv1
if SSHv2 fails.

In Redhat sshd_config it says:

Protocol 2,1

I ask the group - Is this still the case with current
Fedoras? Please check your config file.

This setting allows the machine to be compromised with
a MITM attack. The ssh server can be forced to use SSH1
instead of SSH2 and then compromised using faults in
SSH1. The username/password can be seen as well as the
session. ettercap is one of the tools that can do
this.

For better safety, the setting should be:

Protocol 2

--

-Chris Carey



--- bibhor dhungel <bibhor at gmail.com> wrote:

> hi,
> We are running Fedora Core 3 linux server and it seems that our system
> is running boot force attack on other servers. I am new to securing
> server and administration. What's the best way to go about finding
> out if my system is compromised or not and removing the problem if
> there's one?
> thanks
> bibhor
> 
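An added example, not part of the original message: a shell function that reports whether an sshd_config file still permits the SSHv1 fallback discussed above. The name `audit_protocol` and its verdict strings are made up for illustration; the code assumes sshd's rule that the first occurrence of a keyword is the one that takes effect.

```shell
#!/bin/sh
# Added example: classify the Protocol setting in an sshd_config file.
# Prints one of:
#   v1-enabled  - SSHv1 is listed (e.g. "Protocol 2,1" or "Protocol 1")
#   v2-only     - only SSHv2 is listed
#   unset       - no active Protocol line; the sshd build default applies,
#                 so check the man page of the installed version
#   unreadable  - the file could not be read

audit_protocol() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # leading whitespace is ignored
            if (line == "" || line ~ /^#/) next   # skip blanks and comments
            sub(/[ \t]*=[ \t]*/, " ", line)       # accept the "Protocol=2" form
            split(line, f, /[ \t]+/)
            if (tolower(f[1]) != "protocol") next # keywords are case-insensitive
            val = f[2]
            gsub(/"/, "", val)                    # accept a quoted value
            m = split(val, p, ",")
            verdict = "v2-only"
            for (i = 1; i <= m; i++)
                if (p[i] == "1") verdict = "v1-enabled"
            found = 1
            print verdict
            exit                                  # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Usage: sh audit_protocol.sh /etc/ssh/sshd_config [more files...]
if [ "$#" -gt 0 ]; then
    for cfg in "$@"; do
        printf '%s: %s\n' "$cfg" "$(audit_protocol "$cfg")"
    done
fi
```

After changing the file to `Protocol 2`, sshd has to be restarted or reloaded before the new setting applies.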



		