From owner-freebsd-security  Thu Aug  1  2:20:51 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8C19037B400
	for <freebsd-security@freebsd.org>; Thu,  1 Aug 2002 02:20:47 -0700 (PDT)
Received: from yoda.bph.ruhr-uni-bochum.de (yoda.bph.ruhr-uni-bochum.de [134.147.196.7])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A5BEB43E72
	for <freebsd-security@freebsd.org>; Thu,  1 Aug 2002 02:20:43 -0700 (PDT)
	(envelope-from cwe@bph.ruhr-uni-bochum.de)
Received: from gonzo (gonzo [134.147.196.22])
	by yoda.bph.ruhr-uni-bochum.de (8.8.8/8.8.8) with SMTP id LAA26860;
	Thu, 1 Aug 2002 11:20:43 +0200
From: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>
To: freebsd-security@freebsd.org
Date: Thu, 01 Aug 2002 11:20:42 +0200
X-Priority: 3 (Normal)
Message-Id: <HGZU76GFDONTNIHA674FDA8HCQN1V0.3d48fd6a@gonzo>
Subject: Re: [suse-security] openssh trojan (alert)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Mailer: Opera 6.04 build 1135
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi again,
to be a little more concrete: about 10 minutes ago I downloaded the tarball of openssh-3.4p1 which is actually available on ftp.openbsd.org. 
I untared it, cd'd to openbsd-compat and did a gcc bf-test.c -o bf-test. After this I did sh bftest > bftest.sh and finally got a shell script which 
contains the same as reported on the link below. So there is definitively a connection attempt to this server - but actually I do not know 
waht it is good for. Could there be some legal reaseon for this?!?

Christoph

BTW: were are just trying to double-check the sig of the tarball but due to probs with the keyservers didn't have results for now...

--
    .-.                             Ruhr-Universitaet Bochum
    /v\    L   I   N   U   X        Lehrstuhl fuer Biophysik
   // \\  >Penguin Computing<       c/o Christoph Wegener
  /(   )\                           Gebaeude ND 04/Nord
   ^^-^^                            D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754             Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de   http://www.bph.ruhr-uni-bochum.de







To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message