Re: remote openssh probe or crack?.

From: Oblek (sauronat_private)
Date: Wed Jun 12 2002 - 18:06:45 PDT


    I got those logs every day, and it's relatively normal for a system that is open to the public,
    but if you really want to know what it might be, put snort on your network;
    it might come up with something.
    
    
    On Wed, Jun 12, 2002 at 06:13:08PM -0500, Lic. Rodolfo Gonzalez Gonzalez wrote:
    > Hello,
    > 
    > I got these lines in "messages" in a RedHat 6.2 box:
    > 
    > Jun 10 09:51:57 server sshd[9100]: Did not receive identification string from 64.90.65.19
    > Jun 10 09:52:06 server sshd[9117]: Did not receive identification string from 64.90.65.19
    > Jun 11 03:07:56 server sshd[8684]: Did not receive identification string from 216.127.64.48
    > Jun 11 03:07:56 server sshd[8688]: Did not receive identification string from 216.127.64.48
    > Jun 12 08:14:03 server sshd[22853]: Did not receive identification string from 61.84.218.135
    > Jun 12 08:14:05 server sshd[22871]: Did not receive identification string from 61.84.218.135
    > 
    > I guess they're related to the latest openssh vulnerability, but I don't
    > know if this could be caused by a successful remote exploitation or if this
    > is just a probe/scan. Any comments on this are appreciated.
    > 
    > 
    > Thank you.
    > Rodolfo.
    > 
    > 
    > 
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management 
    > and tracking system please see: http://aris.securityfocus.com
    > 
    
    



    This archive was generated by hypermail 2b30 : Thu Jun 13 2002 - 13:26:01 PDT
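
Added example, not part of the original messages: sshd writes "Did not receive identification string" when a client connects and disconnects without sending its SSH version string, so a first triage step is to group these entries by source address and see how many connections each source made and how quickly. The function name, the report fields and the year (classic syslog timestamps carry none; 2002 is assumed from the thread date) are choices of this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines taken from the quoted message above, one entry per line.
SAMPLE = """\
Jun 10 09:51:57 server sshd[9100]: Did not receive identification string from 64.90.65.19
Jun 10 09:52:06 server sshd[9117]: Did not receive identification string from 64.90.65.19
Jun 11 03:07:56 server sshd[8684]: Did not receive identification string from 216.127.64.48
Jun 11 03:07:56 server sshd[8688]: Did not receive identification string from 216.127.64.48
Jun 12 08:14:03 server sshd[22853]: Did not receive identification string from 61.84.218.135
Jun 12 08:14:05 server sshd[22871]: Did not receive identification string from 61.84.218.135
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: Did not receive identification string "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def summarize(log_text, year=2002):
    """Group banner-less sshd connections by source address.

    `year` is an assumption: the syslog timestamp format omits it.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # any other sshd or syslog entry is ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits[m["src"]].append(ts)
    report = {}
    for src, times in hits.items():
        times.sort()
        report[src] = {
            "count": len(times),
            "first": times[0],
            # seconds between the first and last connection from this source
            "span_seconds": int((times[-1] - times[0]).total_seconds()),
        }
    return report

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE).items(), key=lambda kv: kv[1]["first"])
    for src, r in rows:
        print(f"{src:15} {r['count']} connections within {r['span_seconds']}s, first {r['first']}")
```

On the quoted log every source connects exactly twice within a few seconds and does not appear again.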