On Mon, 10 Dec 2001, Neil Dickey wrote:

> > I've been seeing a lot of SSHd scans of late.
> [ ... ]
> > Has anyone else seen this sort of thing from their systems?
>
> Until a month or two ago we *never* saw scans to port 22. Now they are
> common, though I'm not seeing anything like the intensity you describe.
> In a week I might see as many as six, total, and that would be a heavy
> week for me.

Right now, the scans I'm seeing are coming in at around six in a day. Started four days ago.

> Most of what I detect appear to be SYN scans. Has anyone done a
> honeypot study to find out what weaknesses are being exploited, or is it
> just the usual bug in SSH1?

Perhaps we should touch base with the HoneyNet crew and see what they've discovered?

-Jay

Jay D. Dyson -- jdysonat_private
"There's always time for a good cup of coffee"
Si vis pacem, para bellum.
This archive was generated by hypermail 2b30 : Mon Dec 10 2001 - 10:10:59 PST