
SSH is not mentioned as being used by the malware anywhere in the article. Do you have more information about this?



Not directly, but through frequent analysis of many other network-based forensic activities of such initial and lateral movements.

But, it remains a viable vector to watch for, even if with a “non-existent” custom-patched OpenSSH (i.e. hopefully Cloudflare again?) to log network-based frequency analysis of encrypted SSH packets being sent over multi-session SSH over a single TCP connection (of which that too remains merely a bandaid-afterthought defensive form of cybersecurity).

`MaxSessions 1` is a serious but good impediment of such an initial and lateral vector, one that should be implemented at all Jump and Bastion SSH servers … by default.

Of course, that and short-lived SSH PKI management too.

https://blog.cloudflare.com/ssh-command-logging/
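Added example, not from the thread or from Cloudflare: a small Python check of the effective `MaxSessions` value in an sshd_config, applying sshd's rule that the first value obtained for a keyword wins and that `Match` blocks only apply to matching connections. The config text is a constructed sample.

```python
"""Check the effective sshd MaxSessions value in an sshd_config.

Mirrors sshd_config parsing rules: keywords are case-insensitive, the
first value obtained for a keyword wins, full-line '#' comments are
ignored, and a `Match` block only applies to the connections it
matches, so the global value is read from the lines before the first
`Match`.
"""
import re
from typing import Dict, Optional

DEFAULT_MAX_SESSIONS = 10  # sshd default when the keyword is absent

# Constructed sample config (not from the thread): a bastion whose global
# MaxSessions is too permissive, with a later duplicate that sshd ignores.
SAMPLE_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PasswordAuthentication no
MaxSessions 10
# the next line is ignored by sshd: first obtained value wins
maxsessions 1
Match User backup
    MaxSessions 1
"""


def parse_global(config: str) -> Dict[str, str]:
    """Return global keywords (lower-cased) -> first value, stopping at Match."""
    seen: Dict[str, str] = {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(\w+)\s*[=\s]\s*(.+)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break  # everything after applies only to matching connections
        seen.setdefault(key, value)  # keep the first value, as sshd does
    return seen


def effective_max_sessions(config: str) -> int:
    """Global MaxSessions, falling back to the sshd default."""
    value = parse_global(config).get("maxsessions")
    return int(value) if value is not None else DEFAULT_MAX_SESSIONS


def audit_bastion(config: str) -> Optional[str]:
    """Return a finding if more than one session per TCP connection is allowed."""
    n = effective_max_sessions(config)
    if n > 1:
        return f"MaxSessions is {n}; a bastion should set MaxSessions 1"
    return None
```

`MaxSessions` counts shell, login and subsystem sessions per network connection, so `ssh -W`-style forwarding through the host (what ProxyJump uses) is a separate channel type and is not limited by it.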


> `MaxSessions 1` is a serious but good impediment of such an initial and lateral vector, one that should be implemented at all Jump and Bastion SSH servers … by default.

Really? Is that not exactly what "jump" means? To be able to hop to the next ssh server through this one, by means of ProxyJump?




