From: Kevin Wilcox (kevintux.appstate.edu)
Date: Thu Jul 09 2009 - 10:46:11 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2009/7/9 Charles Majola <charles.listsgmail.com>:

> >From the LWN article (OpenSSH maintainer Damien Miller), its probably
> not real, well just have to wait and see

Agreed.

Even if you *do* believe the secer site, look at the particulars. It's
a brute force. Properly configure your ssh servers (including
rate-limiting, possibly port knocking, key based authentication and
userhost allow
statements) and file this under a non-issue.

Of course this is all theoretical so far so I suppose everyone is free
to wring their hands and gnash their teeth as much as they wish over
this.

Original CC recipients cut because I'm the guy that can't remember
which addresses are subscribed to which lists.

kmw

--
To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, ‘the
guarantee to every one of a free exercise of his industry, & the
fruits acquired by it.'

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]