On Oct 28, 2012, at 8:02, pe...@bsdly.net (Peter N. M. Hansteen) wrote: > I stumbled across this little gem of a blog post, I think this deserves > a wider audience, via my twitter feed: > http://mina.naguib.ca/blog/2012/10/22/the-little-ssh-that-sometimes-couldnt.html > > To be filed under "tcpdump is your friend" and I must say I admire their > perseverance in finding the root cause of the problem.
Wow. That's a bit past perseverance and in to being obsessive. Fascinating read. Thank you. > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. Imagine if this had flipped the evil bit! How would we know if the packet was evil or not? Ugly.
