--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 04, 2001 at 06:43:24PM -0800, Lowell Hamilton wrote:
> That has the signature of an exploited machine.  I have seen several of
> these with the same issues.  When people exploit the CRC-32 ssh hole,
> the rootkits disable ssh to keep others from using the same exploit,
> and it has the affect of locking legit users out as well.  I'm not
> saying it's guaranteed to be it, but it is possible.  If you used any
> redhat distribution or several others they come default with an old
> (pre v2.9) OpenSSH which is vulnerable.
>=20
> Lowell

I built this machine from the ground up from source copies of the latest
distributions of each package. I'm running OpenSSH_3.0p1, with protocols
1.5/2.0. The system was just recently installed to the outside world a few
seconds ago, so it's not possible for it to be rooted this early. =3Dop

--=20
Thomas "Mondoshawan" Tate
phoenix@psy.ed.asu.edu
http://tank.dyndns.org

--OgqxwSJOaUobr8KG
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8DYu+Yp5mUsPGjjwRAveEAKC3OZFb6z+mMyGUpL8c8hD149QkOwCfczGU
m3b3CeKPAabufFQg9/dMtQM=
=qpz8
-----END PGP SIGNATURE-----

--OgqxwSJOaUobr8KG--