sucuri's questions -server

sucuri

Asked: 2009-07-08 09:47:58 +0800 CST

SSH server zero-day exploit - Suggestions to protect ourselves

According to the Internet Storm Center, there seems to be a SSH zero-day exploit out there.

There is some proof of concept code in here and some reference:

This seems to be a serious issue, so every Linux/Unix system administrator should be careful.

How do we protect ourselves if this issue is not patched on time? Or how do you handle zero-day exploits in general?

*I will post my suggestion in the replies.

sucuri

Asked: 2009-07-02 05:52:21 +0800 CST

What are your favorite open source tools?

I believe every system administrator is used to open source by now. From Apache to Firefox or Linux, everyone uses it at least a little bit.

However, most open source developers are not good in marketing, so I know that there are hundreds of very good tools out there that very few people know.

To fill this gap, share your favorite open source tool that you use in your day-to-day work.

*I will post mine in the comments.

SSH server zero-day exploit - Suggestions to protect ourselves

What are your favorite open source tools?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?