boot force attack help

Chris Carey chris_carey at
Mon Jul 25 21:36:21 MDT 2005

One thing I noticed with Redhat 9, Redhat 10 was that
the default sshd_config was set to downgrade to SSHv1
if SSHv2 fails.

In Redhat sshd_config it says:

Protocol 2,1

I ask the group - Is this still the case with current
Fedoras? Please check your config file.

This setting allows the machine to be compromised with
a MITM attack. The ssh server can be forced to use SSH1
instead of SSH2 and then compromised using faults in
SSH1. The username/password can be seen as well as the
session. ettercap is one of the tools that can do

For better safety, the setting should be:

Protocol 2


-Chris Carey

--- bibhor dhungel <bibhor at> wrote:

> hi,
> We are running Fedora Core 3 linux server and it
> seems that our system
> is running boot force attack on other servers. I am
> new to securing
> server and administration. What's the best way to go
> about and finding
> out if my system is compromised or not and removing
> the problem if
> there's one?
> thanks
> bibhor

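One way to script the config check requested in the message above, as an added example that is not part of the original post. The function name `ssh_protocol_audit` is hypothetical; the code assumes sshd honours the first `Protocol` line it reads and treats the keyword case-insensitively.

```shell
#!/bin/sh
# Added example: report which SSH protocol versions an sshd_config permits.
# Prints one of: v1-enabled, v2-only, unset
ssh_protocol_audit() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        {
            sub(/#.*/, "")                 # drop comments, so "#Protocol 2,1" is ignored
            gsub(/^[ \t]+|[ \t]+$/, "")    # trim surrounding whitespace
            if ($0 == "") next
            n = match($0, /[ \t=]+/)       # keyword/argument separator
            if (n == 0) next
            key = tolower(substr($0, 1, n - 1))
            if (key != "protocol") next
            val = substr($0, n + RLENGTH)
            gsub(/[ \t"]/, "", val)        # "2, 1" -> "2,1"
            m = split(val, v, ",")
            result = "v2-only"
            for (i = 1; i <= m; i++)
                if (v[i] == "1") result = "v1-enabled"
            print result
            found = 1
            exit                           # first Protocol line decides
        }
        END { if (!found) print "unset" }  # default then depends on the sshd version
    ' "$conf"
}

# Constructed sample mirroring the default quoted in the message.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'Protocol 2,1' > "$sample"
echo "sample config: $(ssh_protocol_audit "$sample")"
rm -f "$sample"
```

On a real host, call `ssh_protocol_audit /etc/ssh/sshd_config`; a result of `unset` means the effective value comes from the installed sshd's built-in default and needs checking separately.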