nanog mailing list archives
Re: new openssh issue
From: up () 3 am
Date: Wed, 17 Sep 2003 15:41:52 -0400 (EDT)
On Wed, 17 Sep 2003, Avleen Vig wrote:
On Tue, Sep 16, 2003 at 03:50:04PM -0400, Valdis.Kletnieks () vt edu wrote:A posting to full-disclosure quotes Theo as saying HP and Cisco are affected, and I don't see any reason that Juniper would *NOT* be, given the common code base of the OpenSSH implementations. I'm not going to say the routers are vulnerable, but I *would* say that ACLs blocking port 22 to the router might be a good idea.....Isn't this a common practice anyway? Has been anywhere sensible I've seen :-)
I thought the whole purpose of running sshd on your router (or any box for that matter) is to be able to access it securely from remote locations. Of course, you could ssh to your patched unix box from outside (assuming your internal network is ok), then ssh back to the router, but you might as well just use telnet then (assuming a properly switched and vlan'd LAN). James Smallacombe PlantageNet, Inc. CEO and Janitor up () 3 am http://3.am =========================================================================
Current thread:
- new openssh issue Len Rose (Sep 16)
- Re: new openssh issue William Allen Simpson (Sep 16)
- Re: new openssh issue Richard A Steenbergen (Sep 16)
- Re: new openssh issue Valdis . Kletnieks (Sep 16)
- Re: new openssh issue Avleen Vig (Sep 17)
- Now a Sendmail issue as well (was Re: new openssh issue) Mike Tancsa (Sep 17)
- Re: new openssh issue up (Sep 17)
- Re: new openssh issue Richard A Steenbergen (Sep 16)
- Re: new openssh issue William Allen Simpson (Sep 16)
- <Possible follow-ups>
- RE: new openssh issue Ingevaldson, Dan (ISS Atlanta) (Sep 16)
- RE: new openssh issue Ingevaldson, Dan (ISS Atlanta) (Sep 16)
- RE: new openssh issue Buhrmaster, Gary (Sep 17)