Ask HN: SSHD Rootkit?

3 points by DASD ↗ HN
Curious if any of the security-minded folk here have heard or looked into this file mentioned in a discusison on webhostingtalk.com :

http://www.webhostingtalk.com/showthread.php?t=1235797

Archive(single page) view for quicker perusing: http://www.webhostingtalk.com/archive/index.php/t-1235797.html

I just submitted this and I guess the post was marked as dead because of the domain name?

1 comment

[ 3.4 ms ] story [ 13.5 ms ] thread
Just checked my servers, and not infected (but neither even have libkeyutils, so I don't think I'm vulnerable to this).

After being burned in the past, I always install iptables and block incoming connections. Plus I only allow ssh access to certain ip addresses. This means that even in the worst case if a vulnerability lets a rootkit get installed, there isn't much they can do after that.