Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: remote openssh probe or crack?.

From: Josha Bronson <dmuz () slartibartfast angrypacket com>
Date: Wed, 12 Jun 2002 19:34:26 -0700
On Wed, Jun 12, 2002 at 06:13:08PM -0500, Lic. Rodolfo Gonzalez Gonzalez said:

I got these lines in "messages" in a RedHat 6.2 box:


Ooh, make sure you got all the pathces. ;)


Jun 10 09:51:57 server sshd[9100]: Did not receive identification string 
from 64.90.65.19
Jun 10 09:52:06 server sshd[9117]: Did not receive identification string

[snip...]


I guess they're related to the latest openssh vulnerability, but I don't
know if this could be caused by a succesful remote exploitation or if this
is just a probe/scan. Any comments on this are appreciated.


These can, I am pretty sure, be caused by just a connection to your
sshd. Usualy this is with somethng that is not really interested in
talking ssh (like a banner grabber or netcat).

-- 
Josha Bronson
dmuz () angrypacket com
AngryPacket Security

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: