Re: Re: ssh trojanedFrom: Jonas Anden (firstname.lastname@example.org)
- Previous message: Steven M. Christey: "Re: [Full-Disclosure] Re: Clarification on Xitami DoS"
- In reply to: Nick Lange: "Re: Re: ssh trojaned"
- Reply: Tan Wee Yeh: "Re: Re: ssh trojaned"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jonas Anden <email@example.com> To: firstname.lastname@example.org Date: 05 Aug 2002 19:27:09 +0200
> or perhaps, if I am mirror A have a watchdog script compare my md5 sum to
> every other md5 sum accross the mirrors, and take some action should the
> ratio of unmatching MD5's falls below a certain percentage...
Should the published MD5 sum of a file I have mirrored be different on
*ANY* of the other mirrors (or the primary site) be different from the
calculated MD5 sum of my file, all sorts of bells and whistles should go
off. Something is wrong; either my copy or their copy is bad. Either
way, something needs to be done about it.
Such a scheme would have
a) stopped the mirroring of the trojaned ssh package.
b) detected the trojaned ssh package much faster.