chrismac2
Topic: Accuterm and Ebury SSH rootkit detection
Posted: July 07 2014 at 10:00am
Hello,
I am troubleshooting an issue where some users I support who use Accuterm to connect via SSH to a system outside our network are triggering Symantec Alerts on our firewall for the Ebury SSH Rootkit Command and Control traffic.
Are there any other reports for this? Is it a problem with the SSH built into Accuterm?
PSchellenbach
Posted: July 09 2014 at 5:27am
Hi Chris -
I don't think AccuTerm can cooperate with the Ebury SSH exploit. Maybe Symantec is catching a false positive. I did a quick search about Ebury SSH and the analysis at this site http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/ indicates that the client needs to send a carefully crafted SSH version string when the connection is set up. The string sent by AccuTerm is
Thanks, Pete
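
Added example, not part of the original posts and not AccuTerm or Symantec code: when triaging an alert like this, the client's SSH version string can be taken from a packet capture and checked against the RFC 4253 identification format. The "opaque hex" pattern and its length threshold are assumptions chosen for illustration, and the sample banners are constructed.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>[^\s]+)(?: (?P<comments>.*))?$"
)

# Assumption for illustration: a software version made only of hex digits,
# this long or longer, is the "crafted" shape worth a closer look.
OPAQUE_HEX_RE = re.compile(r"^[0-9a-fA-F]{22,}$")


def parse_ident(raw: bytes) -> dict:
    """Parse the first line a client sends on an SSH connection."""
    if len(raw) > 255:  # RFC 4253 limit, CR LF included
        raise ValueError("identification string longer than 255 bytes")
    if not raw.endswith(b"\n"):
        raise ValueError("identification string not terminated")
    line = raw.rstrip(b"\r\n").decode("ascii", errors="strict")
    m = IDENT_RE.match(line)
    if m is None:
        raise ValueError("not an SSH identification string")
    return m.groupdict()


def classify(raw: bytes) -> str:
    """Return 'malformed', 'opaque-hex' or 'ordinary' for a captured banner."""
    try:
        ident = parse_ident(raw)
    except ValueError:  # also covers UnicodeDecodeError (non-ASCII bytes)
        return "malformed"
    if OPAQUE_HEX_RE.match(ident["software"]):
        return "opaque-hex"
    return "ordinary"


# Constructed sample banners (not captured from AccuTerm or any real host).
SAMPLES = [
    b"SSH-2.0-ExampleTerm_7.1 build42\r\n",           # product-style name
    b"SSH-2.0-" + b"0123456789abcdef" * 2 + b"\r\n",  # 32 hex digits
    b"GET / HTTP/1.1\r\n",                            # not SSH at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):11} {sample!r}")
```

A banner that classifies as "ordinary" here supports the false-positive reading; the firewall signature's own match criteria remain the authoritative reference.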