Hi,
With respect to Debian testing, assume we filter SSH access only to a subnet
using the files hosts.{deny,allow} (see below).
Would this prevent the attack if a malicious payload was not sent from the
allowed subnet?
Asking to know if an attack was possible like this, for the few days in March
the backdoor was undetected on Debian testing.
/etc/hosts.deny: sshd: ALL
/etc/hosts.allow: sshd: "a_subnet"
Moreover, would it have helped to additionally allow only public-key
authentication for SSH?
Regards,
Nick