sshd "bad protocol version identification" messages
- From: freebsd@xxxxxxxxxxxx
- Date: Sun, 15 Oct 2006 11:42:47 -0700
I'm seeing lines like the following in my security logs:
Oct 14 06:56:32 srv sshd[41370]: Bad protocol version identification
'\200b\001\003\001' from 24.203.221.239
From what I've read, this is a buffer overflow attack on the sshd
whereby the attacker triggers the overflow before the identification
string is sent then attempts commands to see if elevated priveleges were
obtained. The log message is produced by sshd trying to interpret the
commands as the identification string. Is this related to SA-06:22 or
SA-06:23, or is this another bug?
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Prev by Date: Re: Proposal: MAC_BIBA and real-world usage
- Next by Date: FreeBSD 4.x EoL
- Previous by thread: Re: [fbsd] HEADS UP: FreeBSD 5.3, 5.4, 6.0 EoLs coming soon
- Next by thread: FreeBSD 4.x EoL
- Index(es):
