Security Incidents mailing list archives
Re: remote openssh probe or crack?.
From: Josha Bronson <dmuz () slartibartfast angrypacket com>
Date: Wed, 12 Jun 2002 19:34:26 -0700
On Wed, Jun 12, 2002 at 06:13:08PM -0500, Lic. Rodolfo Gonzalez Gonzalez said:
I got these lines in "messages" in a RedHat 6.2 box:
Ooh, make sure you got all the pathces. ;)
Jun 10 09:51:57 server sshd[9100]: Did not receive identification string from 64.90.65.19 Jun 10 09:52:06 server sshd[9117]: Did not receive identification string
[snip...]
I guess they're related to the latest openssh vulnerability, but I don't know if this could be caused by a succesful remote exploitation or if this is just a probe/scan. Any comments on this are appreciated.
These can, I am pretty sure, be caused by just a connection to your sshd. Usualy this is with somethng that is not really interested in talking ssh (like a banner grabber or netcat). -- Josha Bronson dmuz () angrypacket com AngryPacket Security ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- remote openssh probe or crack?. Lic. Rodolfo Gonzalez Gonzalez (Jun 12)
- Re: remote openssh probe or crack?. Josha Bronson (Jun 13)
- Odd traffic on port 7002 need help figuring it out. steveg (Jun 13)
- Re: Odd traffic on port 7002 need help figuring it out. nito (Jun 13)
- Re: Odd traffic on port 7002 need help figuring it out. steveg (Jun 13)
- Re: Odd traffic on port 7002 need help figuring it out. nito (Jun 13)
- Re: remote openssh probe or crack?. Justin Coffey (Jun 13)
- Re: remote openssh probe or crack?. Oblek (Jun 13)
- Re: remote openssh probe or crack?. Skip Carter (Jun 13)
- Re: remote openssh probe or crack?. Nate Campi (Jun 13)
- Re: remote openssh probe or crack?. woof (Jun 13)
- Re: remote openssh probe or crack?. Christian Vogel (Jun 13)
- <Possible follow-ups>
- Re: remote openssh probe or crack?. m () rl206 org (Jun 13)
(Thread continues...)