[VulnWatch] SSH login attempts: tcpdump packet capture

From: Jay Libove (libove_at_felines.org)
Date: 08/01/04

Next message: vulnwatch_at_exocet.ca: "[VulnWatch] Security issue with PuTTY v.54"

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 1 Aug 2004 14:15:12 -0400
To: <vulnwatch@vulnwatch.org>

I got a packet capture of one of the SSH2 sessions trying to log in as a
couple of illegal usernames. The contents of one packet suggests an
attempt to buffer overflow the SSH server; ethereal's SSH decoding says
"overly large value".

It didn't seem to work against my system (I see no strange processes
running; all files changed in past ten days look normal).

I am cross-posting this message and the attached tcpdump packet capture
file to the following places to let better people than I analyze it:
        openssh-unix-dev@mindrot.org
        secureshell@securityfocus.com
        full-disclosure@lists.netsys.com
        vulnwatch@vulnwatch.org

-Jay Libove, CISSP

application/octet-stream attachment: ssh2.tcpdump

Next message: vulnwatch_at_exocet.ca: "[VulnWatch] Security issue with PuTTY v.54"

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

SSH login attempts: tcpdump packet capture
... I got a packet capture of one of the SSH2 sessions trying to log in as a ... couple of illegal usernames. ... attempt to buffer overflow the SSH server; ... I am cross-posting this message and the attached tcpdump packet capture ...
(Incidents)
[Full-Disclosure] SSH login attempts: tcpdump packet capture
... I got a packet capture of one of the SSH2 sessions trying to log in as a ... couple of illegal usernames. ... attempt to buffer overflow the SSH server; ... I am cross-posting this message and the attached tcpdump packet capture ...
(Full-Disclosure)