I haven't seen anything about this here and thought I should pass it along.

christopher neitzert <chris at neitzert.com> made two postings to the full-disclosure list earlier today. They stated, in part:

*****
Does anyone know of or have source related to a new, and unpublished ssh exploit? An ISP I work with has filtered all SSH connections due to several root level incidents involving ssh. Any information is appreciated.
*****

and later:

*****
More on this; The systems in question are FreeBSD, RedHat, Gentoo, and Debian all running the latest versions of OpenSSH. The attack makes an enormous amount of ssh connections and attempts various offsets until it finds one that works permitting root login. I have received numerous messages from folks requesting anonymity or direct-off-list-reply confirming this exploit;
*****

Later, Justin Kreger <jkreger at lwolenczak.net> reported that he had heard that privsec had been enabled on the compromised machines.

I am aware that much of this is hearsay, but sometimes smoke -> fire. Anyone have any further information?

Cheers,
Zube