Re: Voluminous SSHd scanning; possible worm activity?

From: Markus Friedl (Markus.Friedlat_private-erlangen.de)
Date: Tue Dec 11 2001 - 09:37:19 PST

Next message: Lance Spitzner: "Know Your Enemy: Honeynets"

Previous message: Gommers, Joep: "RE: Voluminous SSHd scanning; possible worm activity?"
In reply to: Florian Weimer: "Re: Voluminous SSHd scanning; possible worm activity?"
Next in thread: Armando Ortiz: "Re: Voluminous SSHd scanning; possible worm activity?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Dec 10, 2001 at 11:44:57PM +0100, Florian Weimer wrote:
> Maybe we're seeing some psychological effect here: In the past, people
> tend to believe that SSH implementations were secure, apart from a few
> rather esoteric defects without much practical relevance.

But there is just one single (one-year-old) bug that many
implementations share.  So what you see is that people don't upgrade
broken software.

Moreover, I think that malloc(0) can happen in many other daemons.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Lance Spitzner: "Know Your Enemy: Honeynets"
Previous message: Gommers, Joep: "RE: Voluminous SSHd scanning; possible worm activity?"
In reply to: Florian Weimer: "Re: Voluminous SSHd scanning; possible worm activity?"
Next in thread: Armando Ortiz: "Re: Voluminous SSHd scanning; possible worm activity?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 11 2001 - 10:16:42 PST