the SSH worm thing
Jesse Keating
jkeating at j2solutions.net
Wed May 11 18:56:28 UTC 2005
On Wed, 2005-05-11 at 11:45 -0700, Florin Andrei wrote:
> Correct, but the hash-armoured known_hosts file has the purpose to stop
> a potential SSH worm from spreading like wildfire: infect a machine,
> then in a few seconds infect a dozen more, repeat. It's the same
> exponential growth mechanism that made so dangerous some Outlook malware
> that were able to read the address book.
> The mechanism you describe is entirely different, it's an altogether
> different attack.
>
How would this hash interact with the need to modify known_hosts when
systems change and IPs have conflicting mac addresses and such? This is
about 5 times a week for me here at work in our lab...
--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
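
Added example, not part of the original message or of OpenSSH's code: a sketch of how a stale entry can still be found and removed once known_hosts is hashed, which is what `ssh-keygen -R hostname` does. A hashed host field is `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))`, so anyone who already knows the name can test for it, while reading the file alone does not list the names. The host names, addresses, salts and keys below are constructed, and plain-text matching is simplified to exact comma-separated names (no wildcards or `[host]:port` forms).

```python
import base64
import hashlib
import hmac


def hash_host(host: str, salt: bytes) -> str:
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())


def entry_matches(host_field: str, host: str) -> bool:
    """True if a known_hosts host field (hashed or plain) names `host`."""
    if host_field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = host_field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            want = base64.b64decode(mac_b64, validate=True)
        except ValueError:  # malformed field: treat as no match
            return False
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    # Plain entry: simplified to exact names in a comma-separated list.
    return host in host_field.split(",")


def remove_host(lines, host):
    """Drop every entry for `host`; return (kept_lines, removed_count)."""
    kept, removed = [], 0
    for line in lines:
        fields = line.split()
        if fields and not line.startswith("#") and entry_matches(fields[0], host):
            removed += 1
        else:
            kept.append(line)
    return kept, removed


# Constructed sample file. A hashed line holds exactly one name, so the
# host name and its IP address appear as two separate entries.
KNOWN_HOSTS = [
    hash_host("lab1.example.test", bytes(range(20))) + " ssh-rsa AAAAconstructedkey1",
    hash_host("192.0.2.10", bytes(range(20, 40))) + " ssh-rsa AAAAconstructedkey1",
    "lab2.example.test,192.0.2.11 ssh-rsa AAAAconstructedkey2",
]

if __name__ == "__main__":
    kept, n = remove_host(KNOWN_HOSTS, "192.0.2.10")
    print("removed %d entry, %d remain" % (n, len(kept)))
```

Because the name and the address are hashed separately, a reassigned IP has to be removed under the address as well as under any host name that pointed at it.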