There are those who run sshd on a non-standard port and log all attempts to conn... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		guenthert on March 31, 2024 \| parent \| context \| favorite \| on: XZ backdoor: "It's RCE, not auth bypass, and gated... There are those who run sshd on a non-standard port and log all attempts to connect to the standard port though.

Hackbraten on March 31, 2024 [–]

Those connection attempts wouldn't ever reach the daemon though, let alone get to preauth. So how would an exploitation attempt even be distinguishable from, say, a harmless random password guess if neither ever gets to see the daemon?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact