-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It may be but it looks more like someone telnetted to port 22 and wanted to see what version of sshd you have and then tried to disconnect a few times... thanks, shawn On Wed, 21 Nov 2001, Shaun Dewberry wrote: > Hi All, > > Received these strange probes this afternoon, can anyone tell me what they > are? (I suspect it is SSH CRC32 exploit, but need confirmation). I found > this in my logs right before a couple of cgi-bin exploit attempts. (my host > is caffeine.co.za) > > Nov 21 16:11:21 fw sshd[30930]: Bad protocol version identification > '^Ccaffeine.co.za^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^V^Cexit ' from > 196.11.239.43 > Nov 21 16:11:45 fw sshd[30937]: fatal: Read from socket failed: Connection > reset by peer > > Thanks > Shaun Dewberry. > > VERANG (Pty) Ltd > http://www.verang.co.za > Tel: +27 11 395 3310 > Fax: +27 11 395 3971 > Mobile: +27 83 415 5201 > > .*. > /V\ > (/ \) > ( ) > ^^-^^ > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: For info see http://www.gnupg.org iD8DBQE7+9f43Qw8DHute6kRAvH3AJ9aJUNZFI93wCWP8JkgFcz9/u5uJgCeKVaI ubGQdDEbedKTayVa4YHfo+I= =j5cp -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Nov 21 2001 - 08:39:47 PST