

Ask HN: SSHD Rootkit? - DASD

Curious if any of the security-minded folk here have heard of or looked into this file mentioned in a discussion on webhostingtalk.com:

http://www.webhostingtalk.com/showthread.php?t=1235797

Archive (single page) view for quicker perusing:
http://www.webhostingtalk.com/archive/index.php/t-1235797.html

I just submitted this and I guess the post was marked as dead because of the domain name?
======
dwj
Just checked my servers, and not infected (but neither even have libkeyutils,
so I don't think I'm vulnerable to this).

After being burned in the past, I always install iptables and block incoming
connections. Plus I only allow ssh access to certain IP addresses. This means
that even in the worst case if a vulnerability lets a rootkit get installed,
there isn't much they can do after that.

