Gary,
You were running Fedora 13?
Brian
On Fri, Aug 05, 2022 at 09:55:57AM -0700, Gary wrote:
In thinking a little more, even if they are attacking the certificate
directly, it is using the user they are logging in as .ssh certificate.
If that user doesn't exist, it seems that the attack should never work.
I guess I still don't understand how they got in. But, my system was
rebooted. There must be more going on. They couldn't log in as root
directly since I, like most of the world, have that disabled and the
logs don't show that.
-Gary
On Fri, Aug 05, 2022 at 09:42:20AM -0700, Gary wrote:
Interesting. Looks like keys are a risk. But, I still don't
understand, and I don't think the article was clear about, how a brute force
SSH password attack is possible over my very limited network. AT&T's
cheapest plan isn't a very big pipe and I use good passwords. The
attacker would have to have a great deal of luck.
Since I use ssh for personal access, I'm considering looking into a
firewall rule that simply walls out any IP that tries to log in with a
user that isn't my account. Another thing that makes me wonder about
this vector is the successful login wasn't from an account on my system.
It seems to me that the keys/certificates are being attacked directly.
I've read other articles indicating that there are attackers in the wild doing this.
So, it seems to me that eliminating key/certificate logins from outward
facing systems may buy a lot of extra security. There were keys in my
.ssh directory, but whether I installed them or the attacker did, is not
clear. I wouldn't need them, but it is possible I could have created
them at some point over the last 15 years I've been using this system :)
-Gary
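
Added example, not part of the original thread: one way to find the addresses such a firewall rule would block, by scanning sshd log lines for login attempts against any account other than the allowed one. The account name `gary`, the log lines and the addresses are constructed for illustration.

```python
import re
from ipaddress import ip_address

ALLOWED_USERS = {"gary"}  # assumption: the only account that should log in over SSH

# Constructed sample lines in the OpenSSH sshd syslog format (documentation addresses).
SAMPLE_LOG = """\
Aug  5 09:01:12 host sshd[2101]: Invalid user admin from 203.0.113.7 port 40122
Aug  5 09:01:14 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Aug  5 09:02:30 host sshd[2140]: Failed password for gary from 198.51.100.23 port 51514 ssh2
Aug  5 09:03:02 host sshd[2177]: Failed password for root from 203.0.113.99 port 33010 ssh2
Aug  5 09:05:10 host sshd[2201]: Invalid user oracle from 2001:db8::5 port 60000
Aug  5 09:06:00 host sshd[2210]: Invalid user x from 198.51.100.23 port 1 from 203.0.113.50 port 44444
"""

# The user field is greedy and the pattern is anchored at end of line, so the
# address captured is the one sshd appended itself, not text placed inside a
# crafted username (last sample line), which could otherwise get the
# legitimate user's own address blocked.
ATTEMPT = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed \S+ for(?: invalid user)?) "
    r"(?P<user>.*) from (?P<ip>\S+) port \d+(?: ssh2)?$"
)


def offenders(log_text, allowed=ALLOWED_USERS):
    """Map each source address to the set of non-allowed usernames it tried."""
    found = {}
    for line in log_text.splitlines():
        m = ATTEMPT.search(line)
        if not m or m["user"] in allowed:
            continue  # not an attempt line, or a typo on the real account
        try:
            ip = str(ip_address(m["ip"]))  # accept only well-formed IPv4/IPv6
        except ValueError:
            continue
        found.setdefault(ip, set()).add(m["user"])
    return found


if __name__ == "__main__":
    for ip, users in sorted(offenders(SAMPLE_LOG).items()):
        print(ip, ",".join(sorted(users)))
```

The returned addresses are the candidates for the firewall's block list; a failed password on the allowed account does not put its source address on that list.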
On Fri, Aug 05, 2022 at 03:54:33AM -0600, Linus Sphinx wrote:
Join the club.
https://www.bleepingcomputer.com/news/security/new-linux-malware-brute-forc…
On Tue, Aug 2, 2022 at 12:43 PM Gary <saclug(a)garymcglinn.com> wrote:
> Hi Brian,
>
> Open letter.
>
> I remember years ago you did a presentation on snort.
>
> Do you still like it?
>
> -Gary
>
> _______________________________________________
> Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
> To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
>
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture