Re: remote openssh probe or crack?.

From: Josha Bronson (dmuzat_private)
Date: Wed Jun 12 2002 - 19:34:26 PDT

Next message: steveg: "Odd traffic on port 7002 need help figuring it out."

Previous message: Ian Reynolds: "Re: DSL Modem or Router Cracked?"
In reply to: Lic. Rodolfo Gonzalez Gonzalez: "remote openssh probe or crack?."
Next in thread: steveg: "Odd traffic on port 7002 need help figuring it out."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 12, 2002 at 06:13:08PM -0500, Lic. Rodolfo Gonzalez Gonzalez said:
> I got these lines in "messages" in a RedHat 6.2 box:

Ooh, make sure you got all the pathces. ;)

> Jun 10 09:51:57 server sshd[9100]: Did not receive identification string 
> from 64.90.65.19
> Jun 10 09:52:06 server sshd[9117]: Did not receive identification string
[snip...]
> 
> I guess they're related to the latest openssh vulnerability, but I don't
> know if this could be caused by a succesful remote exploitation or if this
> is just a probe/scan. Any comments on this are appreciated.

These can, I am pretty sure, be caused by just a connection to your
sshd. Usualy this is with somethng that is not really interested in
talking ssh (like a banner grabber or netcat).

-- 
Josha Bronson
dmuzat_private
AngryPacket Security

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: steveg: "Odd traffic on port 7002 need help figuring it out."
Previous message: Ian Reynolds: "Re: DSL Modem or Router Cracked?"
In reply to: Lic. Rodolfo Gonzalez Gonzalez: "remote openssh probe or crack?."
Next in thread: steveg: "Odd traffic on port 7002 need help figuring it out."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 13 2002 - 12:55:04 PDT