Security Incidents mailing list archives
Re: Netscreen 5XT SSH Traffic
From: Ben Blakely <bab () iastate edu>
Date: Sat, 19 Mar 2005 11:32:58 -0600
Hello List,Thank you all for your input! I am taking all of your comments into consideration. Additionally, Juniper has become aware of this issue and I am working with them to investigate the issue to the fullest extent possible. Once it is resolved, I will post the findings here.
/ben Blakely Michael Peppard wrote:
Dante Mercurio wrote:I can't tell from your email what indications you currently have thatthis came through the firewall and was not spoofed from the inside in some manner. I've always found the Netscreen to be a pretty secure device and this would be a serious flaw. Are there any other methods onto the network such as dial-in, VPN, or vendor connections? Attacks can originate from any of these without a flaw in the firewall software.M. Dante Mercurio, CISSP, CWNA, Security+, SCSPOr much more likely, he has a compromised server. SSH traffic in a restricted area is the single biggest give-a-way that you've been compromised.-Mike
Current thread:
- Netscreen 5XT SSH Traffic Ben Blakely (Mar 18)
- Re: Netscreen 5XT SSH Traffic Jonathan Nichols (Mar 18)
- <Possible follow-ups>
- RE: Netscreen 5XT SSH Traffic Dante Mercurio (Mar 18)
- Message not available
- Re: Netscreen 5XT SSH Traffic Michael Peppard (Mar 18)
- Re: Netscreen 5XT SSH Traffic Ben Blakely (Mar 21)
- Message not available