Full Disclosure mailing list archives
SSH login attempts: tcpdump packet capture
From: "Jay Libove" <libove () felines org>
Date: Sun, 1 Aug 2004 14:03:39 -0400
I got a packet capture of one of the SSH2 sessions trying to log in as a couple of illegal usernames. The contents of one packet suggests an attempt to buffer overflow the SSH server; ethereal's SSH decoding says "overly large value". It didn't seem to work against my system (I see no strange processes running; all files changed in past ten days look normal). I am cross-posting this message and the attached tcpdump packet capture file to the following places to let better people than I analyze it: openssh-unix-dev () mindrot org secureshell () securityfocus com full-disclosure () lists netsys com vulnwatch () vulnwatch org -Jay Libove, CISSP
Attachment:
ssh2.tcpdump
Description: ssh2.tcpdump
Current thread:
- SSH login attempts: tcpdump packet capture Jay Libove (Aug 01)