I sure am. Remote root exploits have been announced within the last few weeks for several of the most widely used DMZ network services: Apache, OpenSSH, and now the resolver libraries used in the nearly ubiquitous ICS BIND (among other things). It's been crazy trying to get all the servers I'm responsible for updated without breaking anything or causing loss of service. Unfortunately I think we're going to see a lot of hacked systems over the next several months. I hope things calm down a little so I can take a well-deserved long weekend after the 4th.
John - I spent 3 hours last week updating OpenSSH on the servers I'm responsible for. Forgot to compile it with PAM support the first time around (doh!) and had to re-do it all. Not fun.
I'm with ya Kolya. Maybe the market will rebound so I can finall get a job. 2 months now being unemployed and I'm going freakin' nuts.
One of my great fears is HUP'ing the new sshd on one of my remote systems and have it fail, locking me out (especially troubling in that many of the systems I administer are 7,500 miles away...). I've learned to temporarily open telnet (with OPIE) during these updates.
I'm glad I purposely run an old version of ssh (the ssh1 series, the way we use it, we're not vulnerable to the attack). Having to fix all of the apache installs sucked though. Our bind is okay too, because of the way we use it. zlib a few months ago -really- sucked. There've been a bunch of unix exploits recently. For awhile, we weren't getting any, and all of the NT guys were working OT. Ah well. Maybe we'll get some new platform agnostic denial of service attack in a few months. Always good to have something like that around when the students come back.
I use a few Livingston PortMaster 2E's for serial access to most of the routers, switches, servers and IDSUs at our central office. Those PM2Es work great even after all these years. I am thinking of deploying some old laptops to some of our more remote locations for the same purpose. Nothing worse than locking yourself out of something in the middle of the night.
It's amazing; those PortMasters can be picked up for under $100 on ebay... Remember what they went for new?!?
