rootkit?

Dan Hollis goemon at anime.net
Mon Dec 12 23:15:01 UTC 2005


On Mon, 12 Dec 2005, Chasecreek Systemhouse wrote:
> I would say there is a ssh brute force hack floating around that has
> not been documented yet; as such it is in all Server admins' best
> interests to remain vigilant.

ssh bruteforcers have been around for a couple years now. it's a sign of 
desperation by spammers -- traditional exploits are no longer effective 
due to selinux, grsecurity et al, so they have switched to bruteforce.

i've seen attacks of upwards of 500mbit/sec of ssh attempts. they don't 
even bother trying to be sneaky about it.

pam_abl is extremely effective in preventing bruteforce attacks:
http://www.hexten.net/pam_abl/

btw you probably don't notice them, but (my|postgre)sql bruteforcers are 
going around too.

-Dan
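
The kind of per-host failure counting that an auto-blacklisting tool such as pam_abl relies on, shown over sshd log lines. This is an added example, not part of the original post and not pam_abl's own code; the log lines are constructed, and the limit, window and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one noisy host, one slow host, one successful login.
SAMPLE_LOG = "\n".join(
    [f"Dec 12 23:01:{s:02d} mx sshd[4001]: Failed password for invalid user "
     f"admin{s} from 192.0.2.10 port {40000 + s} ssh2" for s in range(6)]
    + ["Dec 12 22:10:00 mx sshd[4002]: Failed password for root "
       "from 198.51.100.7 port 51000 ssh2",
       "Dec 12 22:50:00 mx sshd[4003]: Failed password for root "
       "from 198.51.100.7 port 51001 ssh2",
       "Dec 12 23:02:00 mx sshd[4004]: Accepted password for alice "
       "from 203.0.113.5 port 52000 ssh2"]
)

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse_failures(text, year=2005):
    """Yield (timestamp, user, host) for each failed sshd password attempt.
    Syslog lines carry no year, so the caller supplies one (assumption)."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def hosts_over_limit(text, limit=5, window=timedelta(minutes=10)):
    """Return {host: time the limit was first reached} for hosts with
    `limit` or more failures inside a sliding `window`."""
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    flagged = {}
    for ts, _user, host in sorted(parse_failures(text)):
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= limit and host not in flagged:
            flagged[host] = ts
    return flagged

if __name__ == "__main__":
    for host, when in hosts_over_limit(SAMPLE_LOG).items():
        print(f"{host} reached the failure limit at {when}")
```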
