RE: Voluminous SSHd scanning; possible worm activity?

From: jon schatz (jonat_private)
Date: Tue Dec 11 2001 - 16:58:21 PST

Next message: Paul Dokas: "Re: 6112/TCP scans"

Previous message: Robert Graham: "RE: Internal Machine making many attempts to connect to Internet on 137"
In reply to: Gommers, Joep: "RE: Voluminous SSHd scanning; possible worm activity?"
Next in thread: Markus Friedl: "Re: Voluminous SSHd scanning; possible worm activity?"
Next in thread: Gommers, Joep: "RE: Voluminous SSHd scanning; possible worm activity?"
Reply: Markus Friedl: "Re: Voluminous SSHd scanning; possible worm activity?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2001-12-11 at 05:12, Gommers, Joep wrote:
> Also SSH versions 2.0.x and 2.9.2 have not yet published exploit around.

wait, are you sure about this? is this a known issue (ie, UseLogin and
sftp), or is this based on something new? there have been rumors on many
lists (vuln-dev, focus-linux, etc) of such an exploit, which is quite
scary. do you have a reliable source on this?

-jon

-- 
jonat_private || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus?: www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."

application/pgp-signature attachment: stored

Next message: Paul Dokas: "Re: 6112/TCP scans"
Previous message: Robert Graham: "RE: Internal Machine making many attempts to connect to Internet on 137"
In reply to: Gommers, Joep: "RE: Voluminous SSHd scanning; possible worm activity?"
Next in thread: Markus Friedl: "Re: Voluminous SSHd scanning; possible worm activity?"
Next in thread: Gommers, Joep: "RE: Voluminous SSHd scanning; possible worm activity?"
Reply: Markus Friedl: "Re: Voluminous SSHd scanning; possible worm activity?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 11 2001 - 18:57:21 PST