 |
|
| Linux Forum Index » Linux Security » Somebody's looking for CBC... |
|
Page 1 of 1 |
|
| Author |
Message |
| Allen Kistler... |
 Posted: Sun Aug 23, 2009 2:04 pm |
|
|
|
Guest
|
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
I forget how long ago I learned there was a weakness in CBC modes in
SSH. I don't think it was as early as November 2008, when the
announcement above is dated. Although later versions of SSH have been
fixed, at the time the recommendation was to use CTR modes *only* since
they don't have the same weakness.
People trying to smack my sshd around is nothing new. But last night's
log had something new (for me) in how they're trying.
sshd[32761]: fatal: no matching cipher found: client
aes256-cbc,rijndael256-cbc,rijndael-cbc at (no spam) lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc
server aes128-ctr,aes192-ctr
Somebody's specifically looking for CBC.
I don't think it was a legitimate research scan (you know, like how many
web servers have SSL enabled), because they kept trying over and over.
.... just in case you needed another reason to keep your sshd up-to-date
and configured intelligently. |
|
|
| Back to top |
|
|
|
|
|
All times are GMT - 5 Hours
The time now is Thu Nov 26, 2009 3:29 pm
|
|