[LUAU] Excellent SSH advice
Vince Hoang
vince at litrium.com
Thu Jan 13 14:29:56 PST 2005
On Wed, Jan 12, 2005 at 10:42:10PM -1000, Dwight Victor wrote:
> Hmmm. If the wrapper is first to receive data, and finds
> that the attempt should be denied, wouldn't it drop the
> connection? Why would it pass the buffered information to
> the SSH daemon? How can you implement a buffer overflow on
> a dropped connection? I think the wrapper should work in a
> similar manner to iptables and drop all subsequent data after
> determining that the attempt is denied.
If you run lsof or netstat on your system, you should see that
sshd, and not tcpd, is listening on tcp/22. Tcpd is not invoked,
and does not shield sshd from attacks.
-Vince
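
The check described in the reply above, as an added example that is not part of the original message: a shell sketch that reads `netstat -tlnp` output and reports which process owns the tcp/22 listener. It assumes the Linux net-tools column layout; the function names and sample lines are constructed for illustration. The inetd/xinetd branch reflects the classic setup in which a super-server owns the socket and launches tcpd.

```shell
#!/bin/sh
# Constructed sample: sshd running standalone and owning the socket itself.
SAMPLE_STANDALONE='Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   812/sshd
tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN   901/master'

# Constructed sample: a super-server owning the socket instead.
SAMPLE_INETD='tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   455/inetd'

# Print the program name that owns the tcp/22 listener, "unknown" if the
# PID/program column is hidden (netstat run without root), or "none".
# Assumed layout: $4 = local address, $6 = state, $7 = PID/program.
port22_listener() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:22$/ {
            n = split($7, owner, "/")
            name = (n >= 2) ? owner[2] : "unknown"
            sub(/:$/, "", name)      # newer netstat prints "sshd:" here
            print name
            found = 1
            exit
        }
        END { if (!found) print "none" }
    '
}

# Turn the listener name into a statement about whether tcpd can be involved.
tcpd_in_path() {
    case "$(port22_listener)" in
        sshd)         echo "sshd listens directly on tcp/22; tcpd is not invoked" ;;
        inetd|xinetd) echo "super-server owns tcp/22; check its config for a tcpd entry" ;;
        unknown)      echo "owner hidden; rerun netstat as root" ;;
        none)         echo "nothing is listening on tcp/22" ;;
        *)            echo "unexpected listener on tcp/22" ;;
    esac
}

printf '%s\n' "$SAMPLE_STANDALONE" | tcpd_in_path
printf '%s\n' "$SAMPLE_INETD" | tcpd_in_path
```

On a live host, pipe the real output in place of the samples: `netstat -tlnp | tcpd_in_path`.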