the SSH worm thing

Jesse Keating jkeating at j2solutions.net
Wed May 11 18:56:28 UTC 2005


On Wed, 2005-05-11 at 11:45 -0700, Florin Andrei wrote:
> Correct, but the hash-armoured known_hosts file has the purpose to
> stop
> a potential SSH worm from spreading like wildfire: infect a machine,
> then in a few seconds infect a dozen more, repeat. It's the same
> exponential growth mechanism that made so dangerous some Outlook
> malware
> that were able to read the address book.
> The mechanism you describe is entirely different, it's an altogether
> different attack.
> 

How would this hash interact with the need to modify known_hosts when
systems change and IPs have conflicting mac addresses and such?  This is
about 5 times a week for me here at work in our lab...

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating




More information about the devel mailing list