--LQksG6bCIzRHxTLp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Dec 04, 2001 at 08:39:22PM -0700, KevinO wrote: > What are the contents of : >=20 > $HOME/.ssh/config Nonexistant. > /etc/ssh/ssh_config Defaults that come with the OpenSSH source. > Thomas Mondoshawan Tate wrote: > >=20 > > On Tue, Dec 04, 2001 at 06:43:24PM -0800, Lowell Hamilton wrote: > > > That has the signature of an exploited machine. I have seen several = of > > > these with the same issues. When people exploit the CRC-32 ssh hole, > > > the rootkits disable ssh to keep others from using the same exploit, > > > and it has the affect of locking legit users out as well. I'm not > > > saying it's guaranteed to be it, but it is possible. If you used any > > > redhat distribution or several others they come default with an old > > > (pre v2.9) OpenSSH which is vulnerable. > > > > > > Lowell > >=20 > > I built this machine from the ground up from source copies of the latest > > distributions of each package. I'm running OpenSSH_3.0p1, with protocols > > 1.5/2.0. The system was just recently installed to the outside world a = few > > seconds ago, so it's not possible for it to be rooted this early. =3Dop > >=20 > > -- > > Thomas "Mondoshawan" Tate > > phoenix@psy.ed.asu.edu > > http://tank.dyndns.org > >=20 > > ---------------------------------------------------------------------= --- > > Part 1.2Type: application/pgp-signature >=20 > --=20 > Kevin O'Connor > =20 > "People will be free to devote themselves to activities that are fun > ...=20 > =20 > The GNU Manifesto - Copyright (C) 1985, 1993 Free Software Foundation, > Inc. > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't p= ost to the list quickly and you use Netscape to write mail. >=20 > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --=20 Thomas "Mondoshawan" Tate phoenix@psy.ed.asu.edu http://tank.dyndns.org --LQksG6bCIzRHxTLp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8DZx7Yp5mUsPGjjwRAvI4AJ4qKEPfUHHF7VY/AAclwIUtAQILigCaA9IN Q9prRce+kDP+HjBaLgd2WNw= =w7ZF -----END PGP SIGNATURE----- --LQksG6bCIzRHxTLp--