On Fri, Jun 13, 2008 at 08:43:44PM +0300, Tzafrir Cohen wrote:
> > And if they fool your log analysis system, then its regexes aren't
> > written tightly enough.
>
> Apparently, getting the regex right is a bit trickier than people think.
>
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4321
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6302
>
> So getting this regex right is probably a bit tricky.

That can happen.

> > And, back on point, that particular sshblocker doesn't give a damn what
> > sshd writes in the syslog.
> >
> > And, no, it's actually not another service listening.
>
> It responds to external output. I can trigger it to run whenever I want.
> Pretty close to a "service".

Except that it's invisible to the outside world; it's a side-effect of
sshd, without even its own port.

> Consider e.g. a spam filter used by a mail server. It might just as well
> have such remotely-exploitable security holes, if badly written. And the
> attacker does not even need direct access to the system running the spam
> filter.
>
> Or Asterisk handling proxied SIP/IAX traffic.

Sure, in general, being very particular about the taintedness of your
data is an important security practice...

Cheers,
-- jra
-- 
Jay R. Ashworth          Baylink                       [EMAIL PROTECTED]
Designer                 The Things I Think            RFC 2100
Ashworth & Associates    http://baylink.pitas.com      '87 e24
St Petersburg FL USA     http://photo.imageinc.us      +1 727 647 1274

     Those who cast the vote decide nothing.
     Those who count the vote decide everything.
       -- (Joseph Stalin)
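The regex-tightness point discussed in the thread above, as an added illustration that is not from either poster or from any tool they mention. The log lines are constructed, the OpenSSH-style "Failed password ... from <ip> port <n> ssh2" layout is an assumption, and `LOOSE`, `TIGHT` and `offenders` are hypothetical names.

```python
import ipaddress
import re

# Constructed sshd-style log lines (not from the thread). In the second line
# the username field, which the remote client chooses, contains text that
# imitates the tail of a failure record naming a different address.
SAMPLE_LOG = [
    "Jun 13 20:40:01 host sshd[4101]: Failed password for invalid user admin "
    "from 203.0.113.7 port 51234 ssh2",
    "Jun 13 20:40:05 host sshd[4102]: Failed password for invalid user "
    "root from 192.0.2.10 port 22 ssh2 from 203.0.113.7 port 51240 ssh2",
    "Jun 13 20:40:09 host sshd[4103]: Accepted password for jra "
    "from 198.51.100.4 port 40022 ssh2",
]

# Loose: unanchored, trusts the first "from <token>" after the keyword.
LOOSE = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+)")

# Tight: anchored at both ends. The address must sit in the final
# "from <ip> port <n> ssh2" that sshd itself appends, so anything the client
# placed in the username is absorbed by the greedy user group.
TIGHT = re.compile(
    r"^\w{3} [ \d]\d \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>[0-9A-Fa-f:.]+) port \d{1,5} ssh2$"
)


def offenders(lines, pattern):
    """Return the source addresses a blocker would act on for these lines."""
    found = []
    for line in lines:
        m = pattern.search(line)
        if not m:
            continue
        try:
            # Treat the capture as tainted: accept only a literal IP address.
            found.append(str(ipaddress.ip_address(m.group("ip"))))
        except ValueError:
            pass  # not an address, so never hand it to the firewall
    return found


if __name__ == "__main__":
    print("loose:", offenders(SAMPLE_LOG, LOOSE))
    print("tight:", offenders(SAMPLE_LOG, TIGHT))
```

The loose pattern reports 192.0.2.10, an address that never connected, while the anchored pattern attributes both failures to the real peer.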
