Tim Peeler <[EMAIL PROTECTED]> writes:

> I've come to the conclusion that the SSH1 protocol is the most
> likely cause of this problem.

Attacks on the SSH v1 protocol are relatively sophisticated. It's more likely that some token used for authentication (password, RSA or DSA key) has leaked, that a machine used to access the attacked machines has itself been compromised (e.g. a home machine of an employee), or a trojanized OpenSSH version exists on your local Debian mirror. Of course, it _could_ be the protocol, but you would be the first to observe attacks on the inherent protocol weaknesses (not implementation errors). These attacks require wiretapping and traffic manipulation capabilities. If the edge networks are trustworthy, you face a very powerful adversary. Why do you think you are so special?

