Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MASSIVE ssh attack attempt

From: Robert.Graham () NETWORKICE COM (Robert Graham)
Date: Fri, 18 Feb 2000 15:15:03 -0800

PCanywhere uses UDP/22 rather than TCP/22.

http://www.robertgraham.com/pubs/firewall-seen.html#port22

My guess this is just a massive sacan for the recent RSAREF bug.

Rob.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On
Behalf Of Filip M. Gieszczykiewicz
Sent: Thursday, February 17, 2000 11:54 AM
To: INCIDENTS () securityfocus com
Subject: Re: MASSIVE ssh attack attempt

On Tue, 15 Feb 2000, Mark Shirley wrote:

Our network has been recving massive amounts of ssh connection attempts in

a short period of time.

Feb 15 22:02:13 entropy2 iplog[24745]: TCP: ssh connection attempt from
210.134.59.39:1297
Feb 15 22:02:13 entropy2 iplog[24745]: TCP: ssh connection attempt from
36.56.53.111:1972
Feb 15 22:02:16 entropy2 iplog[24745]: TCP: ssh connection attempt from

[snip]

Isn't it PCAnywhere that walks the range looking for its ilk on port 22
(ssh)? Are you sure it's a "ssh connection attempt" or is that your
logger interpretation of "pcA port 22 connection attempt"?

Cheers,
Filip G.

Filip "I'll buy a vowel" Gieszczykiewicz  |  http://www.repairfaq.org/
                                             (filipg () corona eps pitt edu)
I am the river itself and the leaf floating its currents.
I am steering. I am swept. I am.
Previous By Date Next
Previous By Thread Next

Current thread: