Koozali.org: home of the SME Server

SSH Backdoor?

Offline ElFroggio

SSH Backdoor?
« on: November 19, 2013, 04:31:59 PM »
Hi,

Has anybody seen this SSH backdoor? http://www.theregister.co.uk/2013/11/15/stealthy_linux_backdoor/ and if so, anything we can do to protect ourselves?

Thanks

Offline CharlieBrady

Re: SSH Backdoor?
« Reply #1 on: November 19, 2013, 04:57:40 PM »
> ... anything we can do to protect ourselves?

Ensure that you protect login access to your root account - for example, don't enable remote password ssh access. Ensure that all your accounts have long strong passwords.

Only install software packages from trusted repositories. Keep your system software up to date.

The ssh packages on your system come from centos.org, and you can be sure that they do as they are cryptographically signed and the signature verified before installation. The ssh packages cannot be modified/corrupted, unless your system is already compromised.
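One way to check the first piece of advice in the reply above against an sshd_config file, as an added example that is not part of the original post and not SME Server's own tooling. The function names `effective_global` and `audit_sshd` are hypothetical, and treating an absent keyword as `yes` is an assumption.

```shell
#!/bin/sh
# Added example. sshd keeps the FIRST value it reads for each keyword,
# keywords are case-insensitive, and lines after "Match" are conditional.

# effective_global FILE KEYWORD DEFAULT: print the value that applies globally
effective_global() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        {
            line = $0
            sub(/^[ \t]+/, "", line)                 # strip leading whitespace
            if (line == "" || line ~ /^#/) next      # blank line or comment
            n = split(line, f, /[ \t=]+/)            # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit                 # global section ends here
            if (key == want) { val = tolower(f[2]); exit }   # first one wins
        }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: return 0 if password auth is off and root login is restricted
audit_sshd() {
    rc=0
    # Assumed defaults when a keyword is absent: "yes" for both (the
    # PermitRootLogin default on older OpenSSH; the conservative choice).
    pw=$(effective_global "$1" PasswordAuthentication yes)
    root=$(effective_global "$1" PermitRootLogin yes)
    if [ "$pw" != "no" ]; then
        echo "WARN: PasswordAuthentication is '$pw'"; rc=1
    fi
    case "$root" in
        no|without-password|prohibit-password|forced-commands-only) ;;
        *) echo "WARN: PermitRootLogin is '$root'"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the later "no" is ignored because "yes" came first.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' 'passwordauthentication no' > "$sample"
audit_sshd "$sample" || echo "sample config needs hardening"
rm -f "$sample"
```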

Offline ElFroggio

Re: SSH Backdoor?
« Reply #2 on: November 19, 2013, 05:30:49 PM »
Thank you for the prompt response. 'My' SSH is not available outside of the local network.

But, I do not understand. How do 'they' generate the SYN packets? Can they generate the SYN packets from the inside like a Firefox/Chrome JavaScript vulnerability?

Thanks

Syv

Offline CharlieBrady

Re: SSH Backdoor?
« Reply #3 on: November 19, 2013, 06:10:43 PM »
> But, I do not understand. How do 'they' generate the SYN packets?

I have no idea who you mean by "they". A SYN packet is the first packet in the creation of a TCP connection. So any time a TCP connection is created (e.g. by accessing a website URL) a SYN packet will be generated.