SSH login attempts: tcpdump packet capture

["Jay Libove" <libove () felines org>]

I got a packet capture of one of the SSH2 sessions trying to log in as a
couple of illegal usernames.  The contents of one packet suggests an
attempt to buffer overflow the SSH server;  ethereal's SSH decoding says
"overly large value".

It didn't seem to work against my system (I see no strange processes
running; all files changed in past ten days look normal).

I am cross-posting this message and the attached tcpdump packet capture
file to the following places to let better people than I analyze it:
        openssh-unix-dev () mindrot org
        secureshell () securityfocus com
        full-disclosure () lists netsys com
        vulnwatch () vulnwatch org

-Jay Libove, CISSP

Attachment: ssh2.tcpdump
Description: ssh2.tcpdump