Help!

Somebody's looking for CBC

  
  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Security RSS
Next:  Accepted getstream 20081204-1 (source i386)  
Author Message
Allen Kistler
External


Since: Jun 26, 2004
Posts: 367
PostPosted: Sun Aug 23, 2009 3:04 pm    Post subject: Somebody's looking for CBC
Archived from groups: comp>os>linux>security (more info?)
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

I forget how long ago I learned there was a weakness in CBC modes in
SSH. I don't think it was as early as November 2008, when the
announcement above is dated. Although later versions of SSH have been
fixed, at the time the recommendation was to use CTR modes *only* since
they don't have the same weakness.

People trying to smack my sshd around is nothing new. But last night's
log had something new (for me) in how they're trying.

sshd[32761]: fatal: no matching cipher found: client
aes256-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,rijndael192-cbc,aes128-cbc,rijndael128-cbc,blowfish-cbc,3des-cbc
server aes128-ctr,aes192-ctr

Somebody's specifically looking for CBC.

I don't think it was a legitimate research scan (you know, like how many
web servers have SSL enabled), because they kept trying over and over.

.... just in case you needed another reason to keep your sshd up-to-date
and configured intelligently.
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Security All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum