Re: remote openssh probe or crack?.

From: Christian Vogel (chrisat_private)
Date: Thu Jun 13 2002 - 00:28:25 PDT

Next message: Baklarz, Ron: "RE: [logs] nimda web server logs"

Previous message: quentynat_private: "Re: [logs] nimda web server logs"
In reply to: Lic. Rodolfo Gonzalez Gonzalez: "remote openssh probe or crack?."
Next in thread: mat_private: "Re: remote openssh probe or crack?."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

> Jun 10 09:51:57 server sshd[9100]: Did not receive identification string 
> from 64.90.65.19

This message is generated when one connects to a ssh-daemon and instantly
disconnects again (so one doesn not send an identification string).

Most likely this is someone scanning for open ports in general or for
specific ssh-versions.

Just upgrade to the newest version on http://www.openssh.com/ and you
should be safe, for redhat 6.2 you may be interested in this:

ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/rpm/README

	Chris

-- 
Seeing my great fault
Through darkening blue windows
I begin again
-- Chris Walsh

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Baklarz, Ron: "RE: [logs] nimda web server logs"
Previous message: quentynat_private: "Re: [logs] nimda web server logs"
In reply to: Lic. Rodolfo Gonzalez Gonzalez: "remote openssh probe or crack?."
Next in thread: mat_private: "Re: remote openssh probe or crack?."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 13 2002 - 14:18:08 PDT