[BlueOnyx:12274] Re: Kernel 0-day vulnerability + SSHd Spam Exploit (libkeyutils.so.1.9)
Steven Howes
steve-lists at geekinter.net
Fri Feb 22 04:12:39 -05 2013
On 22 Feb 2013, at 04:37, Eiji Hamano wrote:
>> ---- Chris Gebhardt wrote -----
>> You'll need to restrict access to SSH with a firewall of some sort (i.e.:
>> hardware firewall, ACL at the router, or IPTABLES) to avoid getting hit
>> by this.
> Yes, restricted access of SSH is nice.
> I proposed it in the past, it did not accept although.
What didn't accept? You can use iptables on (almost) any Linux box including BlueOnyx.
> Why ? You said :
>>> don't trust any data on the old box and start fresh.
Iptables etc. (whilst good practice) doesn't actually fix the problem. Seeing a damaged box allows two things:
1) To work out how they got in
2) To work out what they have done as a result
Both of these are useful in defending boxes, and preventing it being possible in the first place.
Steve