SSH CRC32? What am I seeing?

From: Shaun Dewberry (shaundat_private)
Date: Wed Nov 21 2001 - 05:49:11 PST

Next message: Ihsahn Diablo: "Questions"

Previous message: incidents-return-2127-jwa=jammed.comat_private: "Re: MS-SQL Worm?"
Next in thread: SecLists: "Re: SSH CRC32? What am I seeing?"
Reply: SecLists: "Re: SSH CRC32? What am I seeing?"
Reply: Jose Nazario: "Re: SSH CRC32? What am I seeing?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi All,

Received these strange probes this afternoon, can anyone tell me what they
are? (I suspect it is SSH CRC32 exploit, but need confirmation). I found
this in my logs right before a couple of cgi-bin exploit attempts. (my host
is caffeine.co.za)

Nov 21 16:11:21 fw sshd[30930]: Bad protocol version identification
'^Ccaffeine.co.za^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^V^Cexit  ' from
196.11.239.43
Nov 21 16:11:45 fw sshd[30937]: fatal: Read from socket failed: Connection
reset by peer

Thanks
Shaun Dewberry.

VERANG (Pty) Ltd
http://www.verang.co.za
Tel: +27 11 395 3310
Fax: +27 11 395 3971
Mobile: +27 83 415 5201

 .*.
 /V\
(/ \)
(   )
^^-^^


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Ihsahn Diablo: "Questions"
Previous message: incidents-return-2127-jwa=jammed.comat_private: "Re: MS-SQL Worm?"
Next in thread: SecLists: "Re: SSH CRC32? What am I seeing?"
Reply: SecLists: "Re: SSH CRC32? What am I seeing?"
Reply: Jose Nazario: "Re: SSH CRC32? What am I seeing?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Nov 21 2001 - 08:32:40 PST