> Hello, > > I got these lines in "messages" in a RedHat 6.2 box: > > Jun 10 09:51:57 server sshd[9100]: Did not receive identification string > from 64.90.65.19 > Jun 10 09:52:06 server sshd[9117]: Did not receive identification string > from 64.90.65.19 > Jun 11 03:07:56 server sshd[8684]: Did not receive identification string > from 216.127.64.48 > Jun 11 03:07:56 server sshd[8688]: Did not receive > identification string from 216.127.64.48 > Jun 12 08:14:03 server sshd[22853]: Did not receive identification string > from 61.84.218.135 > Jun 12 08:14:05 server sshd[22871]: Did not receive > identification string from 61.84.218.135 > > I guess they're related to the latest openssh vulnerability, but I don't > know if this could be caused by a succesful remote exploitation or if this > is just a probe/scan. Any comments on this are appreciated. This is probably just a probe designed to find and wake up your sshd server and identify which one it is from the response. -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skipat_private 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jun 13 2002 - 13:54:20 PDT