Re: Voluminous SSHd scanning; possible worm activity?

From: Markus Friedl (markusat_private)
Date: Wed Dec 12 2001 - 03:27:04 PST

Next message: Michael Ward: "RE: Port 111 Traffic"

Previous message: Bertrand Lupart: "Re: Voluminous SSHd scanning; possible worm activity?"
In reply to: jon schatz: "RE: Voluminous SSHd scanning; possible worm activity?"
Next in thread: Gommers, Joep: "RE: Voluminous SSHd scanning; possible worm activity?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 11, 2001 at 04:58:21PM -0800, jon schatz wrote:
> (ie, UseLogin and sftp)

they cannot be related to ssh scanning (and if they are a
problem to a site they are _local_ problems).

even if there was a new exploit, most of the scanning will
be related to the crc32 bug, since about 30% of the servers
are still not upgraded:

	http://www.citi.umich.edu/u/provos/ssh/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Michael Ward: "RE: Port 111 Traffic"
Previous message: Bertrand Lupart: "Re: Voluminous SSHd scanning; possible worm activity?"
In reply to: jon schatz: "RE: Voluminous SSHd scanning; possible worm activity?"
Next in thread: Gommers, Joep: "RE: Voluminous SSHd scanning; possible worm activity?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 12 2001 - 10:59:44 PST