Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Voluminous SSHd scanning; possible worm activity?

From: Damien Miller <djm () mindrot org>
Date: Wed, 12 Dec 2001 08:44:56 +1100 (EST)
On Tue, 11 Dec 2001, Gommers, Joep wrote:


The reason for all the scans on port 22 are not worms, it's the whole
scriptkiddie world that is scanning your ports for SSH versions:


[snip]


It's like the time where the wuftpd deamon versions 2.4.0 2.5.0 and 2.6.0
first had it's public exploit.


Except for the fact that the ssh hole was discovered, publicised and 
fixed over a year ago.

-d

-- 
| By convention there is color,       \\ Damien Miller <djm () mindrot org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: