Why Worry, It’s Only 11 Million Servers At Risk
In the distant past of December 2023 we learned about Terrapin, an SSH vulnerability which tore holes in what was one of our last secure communications protocols. Now that everyone has returned to work, Shadowserver has some news to remind you just how awful this vulnerability could be. They scanned publicly available IP addresses to determine how many internet facing SSH servers were vulnerable and came up with nearly 11 million possible victims. That represents just over half of all the servers they ran the test against, giving you an idea of how big this could be if bad actors begin to leverage it.
The good news is that the detection tool is publicly available, so you can check your SSH servers to see whether you have successfully hardened them. You don’t need to panic if you are still vulnerable, as Terrapin cannot be leveraged unless an attacker already has access to your systems. There should be enough time to resolve any outstanding patching jobs you need to complete before someone figures out a way to make things worse. Your first step is to ensure you are protected against prefix truncation attacks, but it may take more patching than that.
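For readers who want to do the check described above in-house, here is an added example of the kind of test the public scanner performs; it is not code from the post, from Shadowserver or from the Terrapin scanner itself. It reads a server's KEXINIT message (RFC 4253 framing) and reports whether the server advertises the strict key exchange extension (`kex-strict-s-v00@openssh.com`, the fix for prefix truncation) and whether it still offers the algorithm combinations Terrapin needs (ChaCha20-Poly1305, or a CBC cipher together with an Encrypt-then-MAC MAC). Those extension and algorithm names are facts about the mitigation, not something the post states. The two sample KEXINIT messages and the `probe` helper are constructed for this example.

```python
import socket
import struct

SSH_MSG_KEXINIT = 20
# Server-side name for the strict kex extension (fact about the fix, not from the post).
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
# Name-lists in the order RFC 4253 section 7.1 places them after the 16-byte cookie.
KEXINIT_FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]


def _read_name_list(buf, off):
    """Decode one SSH name-list (uint32 length + comma-separated ASCII) at offset."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + n]
    if len(raw) != n:
        raise ValueError("truncated name-list")
    return (raw.decode("ascii").split(",") if n else []), off + n


def parse_kexinit(payload):
    """Return the ten KEXINIT name-lists as a dict of field name -> list of names."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    off = 1 + 16  # message id + cookie
    fields = {}
    for name in KEXINIT_FIELDS:
        fields[name], off = _read_name_list(payload, off)
    return fields


def assess_terrapin(fields):
    """Apply the Terrapin conditions: exposed if strict kex is absent AND a risky cipher
    combination is offered in either direction. Only the server's offer is visible here;
    a protected session also needs a client that negotiates strict kex."""
    strict = STRICT_KEX_SERVER in fields["kex_algorithms"]
    risky = set()
    for direction in ("client_to_server", "server_to_client"):
        enc = fields[f"encryption_algorithms_{direction}"]
        mac = fields[f"mac_algorithms_{direction}"]
        if "chacha20-poly1305@openssh.com" in enc:
            risky.add("chacha20-poly1305@openssh.com")
        cbc = [c for c in enc if c.endswith("-cbc")]
        etm = [m for m in mac if m.endswith("-etm@openssh.com")]
        if cbc and etm:
            risky.update(cbc)
    return {"strict_kex": strict, "risky_algorithms": sorted(risky),
            "vulnerable": (not strict) and bool(risky)}


def build_kexinit(**lists):
    """Encode a KEXINIT payload from name-lists (used to construct offline samples)."""
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # zero cookie for the sample
    for name in KEXINIT_FIELDS:
        blob = ",".join(lists.get(name, [])).encode("ascii")
        payload += struct.pack(">I", len(blob)) + blob
    return payload + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows, reserved


# Constructed samples: an unpatched offer and one that advertises strict kex.
UNPATCHED_KEXINIT = build_kexinit(
    kex_algorithms=["curve25519-sha256"],
    server_host_key_algorithms=["ssh-ed25519"],
    encryption_algorithms_client_to_server=["chacha20-poly1305@openssh.com", "aes256-cbc", "aes256-gcm@openssh.com"],
    encryption_algorithms_server_to_client=["chacha20-poly1305@openssh.com", "aes256-cbc", "aes256-gcm@openssh.com"],
    mac_algorithms_client_to_server=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    mac_algorithms_server_to_client=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    compression_algorithms_client_to_server=["none"], compression_algorithms_server_to_client=["none"],
)
PATCHED_KEXINIT = build_kexinit(
    kex_algorithms=["curve25519-sha256", STRICT_KEX_SERVER],
    server_host_key_algorithms=["ssh-ed25519"],
    encryption_algorithms_client_to_server=["aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com"],
    encryption_algorithms_server_to_client=["aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com"],
    mac_algorithms_client_to_server=["hmac-sha2-256-etm@openssh.com"],
    mac_algorithms_server_to_client=["hmac-sha2-256-etm@openssh.com"],
    compression_algorithms_client_to_server=["none"], compression_algorithms_server_to_client=["none"],
)


def sample_reports():
    """Assess both constructed samples; handy for a quick offline sanity check."""
    return {"unpatched": assess_terrapin(parse_kexinit(UNPATCHED_KEXINIT)),
            "patched": assess_terrapin(parse_kexinit(PATCHED_KEXINIT))}


def probe(host, port=22, timeout=5.0):
    """Connect to one of your own servers, read its banner and first binary packet
    (the KEXINIT, unencrypted and without a MAC), and assess it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb")
        f.write(b"SSH-2.0-terrapin-check\r\n")
        f.flush()
        banner = f.readline()
        while banner and not banner.startswith(b"SSH-"):  # servers may send text lines first
            banner = f.readline()
        packet_len, pad_len = struct.unpack(">IB", f.read(5))
        body = f.read(packet_len - 1)  # payload followed by padding
        payload = body[:packet_len - 1 - pad_len]
        return banner.strip().decode("ascii", "replace"), assess_terrapin(parse_kexinit(payload))


if __name__ == "__main__":
    import sys
    print(sample_reports())
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))
```

Run it with no arguments to see the two constructed samples assessed; pass a hostname to inspect a server you administer. A server that advertises strict kex is reported as not exposed even if it still offers ChaCha20 or CBC-EtM, which mirrors the fix OpenSSH 9.6 shipped; tightening the cipher list on top of that is the belt-and-braces option.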
Welcome to security in 2024.