RE: Voluminous SSHd scanning; possible worm activity?

From: Damien Miller (djmat_private)
Date: Tue Dec 11 2001 - 13:44:56 PST


    On Tue, 11 Dec 2001, Gommers, Joep wrote:
    
    > The reason for all the scans on port 22 is not worms, it's the whole
    > scriptkiddie world that is scanning your ports for SSH versions:
    
    [snip]
    
    > It's like the time where the wuftpd daemon versions 2.4.0 2.5.0 and 2.6.0
    > first had its public exploit.
    
    Except for the fact that the ssh hole was discovered, publicised and 
    fixed over a year ago.
    
    -d
    
    -- 
    | By convention there is color,       \\ Damien Miller <djmat_private>
    | By convention sweetness, By convention bitterness, \\ www.mindrot.org
    | But in reality there are atoms and space - Democritus (c. 400 BCE)
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


