[BlueOnyx:12271] Re: Kernel 0-day vulnerability + SSHd Spam Exploit (libkeyutils.so.1.9)

Chris Gebhardt - VIRTBIZ Internet cobaltfacts at virtbiz.com
Thu Feb 21 16:57:25 -05 2013


On 2/21/2013 11:17 AM, David Hahn wrote:
> Not everyone has local access to the routers..

Sometimes it's a blessing, sometimes it's a curse.  ;)

> How about controlling access with the hosts files? We have always used
> them and install a small program that runs every 5 mins. on the user's
> site that registers only their IP address. Any shell login sends the
> system admin an email too. Working on a simple script to alert the admin
> if it sees the libkeyutils.so.1.9... If we find this what should we do
> with it?

Restricting access with hosts.deny / hosts.allow is not going to be 
effective against this exploit, since tcpwrappers will not stop the 
problem.

You'll need to restrict access to SSH with a firewall of some sort (i.e., 
hardware firewall, ACL at the router, or IPTABLES) to avoid getting hit 
by this.

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
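
Added example, not part of the original message or of BlueOnyx: a sketch of the alert script the quoted question describes, which looks for a file named libkeyutils.so.1.9 and reports whether an RPM package owns it. The directory list, the function names and the --scan switch are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: look for the filename reported in this thread and flag
# copies that are not confirmed as belonging to an installed RPM package.
SUSPECT_NAME="libkeyutils.so.1.9"   # filename taken from the thread

# Print one line per match: "<path> <status>", where status is
#   packaged  rpm -qf maps the file to an installed package
#   unowned   rpm is present but no package claims the file
#   unknown   rpm is not available on this host
scan_keyutils() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -H resolves a symlinked start directory (e.g. /lib -> /usr/lib)
        find -H "$dir" -maxdepth 1 -name "$SUSPECT_NAME" 2>/dev/null |
        while IFS= read -r path; do
            if ! command -v rpm >/dev/null 2>&1; then
                status="unknown"
            elif rpm -qf "$path" >/dev/null 2>&1; then
                status="packaged"
            else
                status="unowned"
            fi
            printf '%s %s\n' "$path" "$status"
        done
    done
}

# Number of matches that are not confirmed as package-owned.
count_suspect() {
    scan_keyutils "$@" | awk '$NF != "packaged" { n++ } END { print n + 0 }'
}

# Stand-alone use: sh check_keyutils.sh --scan   (script name is hypothetical)
# The directories below are the usual library locations, assumed here.
if [ "${1:-}" = "--scan" ]; then
    scan_keyutils /lib /lib64 /usr/lib /usr/lib64
fi
```

Run from cron, the output of the --scan mode can be mailed to the admin whenever it is non-empty; a file name match is only an indicator and needs follow-up on the host.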


