dr.pooter's questions

Possible Duplicate:
SSH server 0-day exploit - Suggestions to protect ourselves

In light of the current speculation of a new zero-day exploiting a remote vulnerability against OpenSSH, I'm curious to answer a couple of questions.

• What steps do you take to mitigate this risk?

Implement hard ingress filters? I understand that at least one major hosting provider has done this.

Disable the service until risk is better understood? Can you rapidly identify running versions across your network?

• How do you verify the extent of the risk?

In-house source code eval? Do you have those skills?

Favorite security sites/feeds? How do you determine fact from rumor?

• How does your change management system deal with these changes?

Have an expedited process for emergency changes? Can you pull an eval and execute a plan in one day?

Some links:

http://isc.sans.org/diary.html?storyid=6742

http://74.125.95.132/search?q=cache:Y41uUwkWZeEJ:www.webhostingtalk.com/showthread.php%3Fp%3D6270083

I'm wondering if placing a user in the Power Users groups restricts that user's ability to remotely mount either admin$ or c$. My limited testing tells me that they can, but I'm curious to hear other thoughts from more experienced MS admins.

So far, Microsoft's docs on this are not useful, if you can point me to a doc with a definitive answer, that would be great too.

In our NOC, we maintain situational awareness of all physical security zones (reactive video feeds), some basic information about the physical characteristics of the data centers, the weather and a national news feed. Are there other things you recommend a NOC monitor, or is this considered good enough.

Does anybody know if it's possible to disable error messages, such as invalid password, in the rdesktop client on unix? I'd like to write a script that uses rdesktop in a while loop, but it seems to hang if I don't auth properly.