So that means he was out of date - current-release version for
openssh is 4.2p1.


That's right, and the current stable version in portage is 3.9p1, which
has a number of patches applied. I have no doubt that if there are any

I'm not exactly sure what you mean when you refer to 'Portage', but if you are referring to the 'portable' release of openssh, according to their web-site, it is V4.2p1 (and it was released Sep 1 2005).

The reason I mentioned the out of date ssh binary was because the other Linux machine that I recently saw (that had been remotely exploited) was running openssh 3.8p1, and the remote-attacker had clearly since been using said machine as a scan-tool looking for other machines running this same version (his script specifically grepped for "3.8p1") of openssh.

In the above instance, the attacker almost certainly came in via an sshd exploit (there were no other services listening, the root password was known to no-one etc).

Anyway, that's enough said about that - for now I keep ssh on a non-standard port and seem to avoid 99.99% of the scans. And I keep it up to date too, of course ;)

Regards,
Pete
