Security Incidents mailing list archives
Re: remote openssh probe or crack?.
From: woof () droopy 2y net
Date: Thu, 13 Jun 2002 03:35:54 +0200
On Wed, Jun 12, 2002 at 06:13:08PM -0500, Lic. Rodolfo Gonzalez Gonzalez wrote:
Hello, I got these lines in "messages" in a RedHat 6.2 box: Jun 10 09:51:57 server sshd[9100]: Did not receive identification string from 64.90.65.19 Jun 10 09:52:06 server sshd[9117]: Did not receive identification string from 64.90.65.19 Jun 11 03:07:56 server sshd[8684]: Did not receive identification string from 216.127.64.48 Jun 11 03:07:56 server sshd[8688]: Did not receive identification string from 216.127.64.48 Jun 12 08:14:03 server sshd[22853]: Did not receive identification string from 61.84.218.135 Jun 12 08:14:05 server sshd[22871]: Did not receive identification string from 61.84.218.135
I could be wrong but .. i've heard in the past about identd requests (mostly port 113 from memories). It only seems that among your users several are loguing from hosts with no identd daemon.
I guess they're related to the latest openssh vulnerability, but I don't know if this could be caused by a succesful remote exploitation or if this is just a probe/scan. Any comments on this are appreciated.
I don't think this can be linked to any specific vulnerability. It's look like one of those scan launched by kiddies arround looking for unpatched vulnerable systems.
Thank you. Rodolfo.
Informations provided may be wrong Do not trust. Check yourself for proper informations. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- remote openssh probe or crack?. Lic. Rodolfo Gonzalez Gonzalez (Jun 12)
- Re: remote openssh probe or crack?. Josha Bronson (Jun 13)
- Odd traffic on port 7002 need help figuring it out. steveg (Jun 13)
- Re: Odd traffic on port 7002 need help figuring it out. nito (Jun 13)
- Re: Odd traffic on port 7002 need help figuring it out. steveg (Jun 13)
- Re: Odd traffic on port 7002 need help figuring it out. nito (Jun 13)
- Re: remote openssh probe or crack?. Justin Coffey (Jun 13)
- Re: remote openssh probe or crack?. Oblek (Jun 13)
- Re: remote openssh probe or crack?. Skip Carter (Jun 13)
- Re: remote openssh probe or crack?. Nate Campi (Jun 13)
- Re: remote openssh probe or crack?. woof (Jun 13)
- Re: remote openssh probe or crack?. Christian Vogel (Jun 13)
- <Possible follow-ups>
- Re: remote openssh probe or crack?. m () rl206 org (Jun 13)
- Re: remote openssh probe or crack?. Rich Henning (Jun 14)
- Re: remote openssh probe or crack?. gabriel rosenkoetter (Jun 14)