From: Mike Tancsa (Sentex Communications)
Date: Tue, 9 Jan 2018 10:25:23 -0500
To: byrnejb@harte-lyne.ca, freebsd-questions@freebsd.org
Subject: Re: Meltdown – Spectre

On 1/9/2018 9:38 AM, James B. Byrne via freebsd-questions wrote:
> I have read some accounts which seem to imply that the rate of ssh
> attacks measurably increased following the announcement of these two
> flaws. The implication being that there was some cause and effect
> relationship. I cannot fathom what this could be.

They are up, but I suspect it's the normal uptick post holidays. Here is a pretty well sampled view of scanning:
https://isc.sans.edu/port.html?port=22
I seem to recall similar trends in previous years.

> if only authorized software is permitted to run therein, then how much
> of a threat does this development pose to such?

Well, it's hard to say and I guess it depends who the attackers are and what their goals are. If it's opportunistic bots just hammering away in brute force at your perimeter, it's one thing. If it's someone trying to figure out how to get access to your internal network, that's another. Breaches of the latter I think will often be chained, e.g. use a broken web-facing app to allow the attacker to upload and execute arbitrary code. That code then can work on exploiting other, local vulnerabilities including Meltdown/Spectre. In that sense, it's another (serious) local priv escalation issue to worry about.

>
> It seems to me that public 'cloud' environments is where this sort of
> stuff would find its most vulnerable targets. Private data systems
> are no more likely to succumb to attacks along this vector than to any
> other routinely available rootkit. Is that a fair assessment?

I think what Spectre and Meltdown uniquely bring to the table are ways to attack neighbouring VMs that were previously thought to be relatively safe. A local root kit was a local root kit. With Meltdown, all the VM instances are only as safe as the weakest link on that hardware. There have been bugs in the past that allowed this type of attack, but those were relatively rare and hard to exploit (IIRC).

	---Mike

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/