[VulnWatch] SSH login attempts: tcpdump packet capture
From: Jay Libove (libove_at_felines.org)
Date: Sun, 1 Aug 2004 14:15:12 -0400 To: <firstname.lastname@example.org>
I got a packet capture of one of the SSH2 sessions trying to log in as a
couple of illegal usernames. The contents of one packet suggests an
attempt to buffer overflow the SSH server; ethereal's SSH decoding says
"overly large value".
It didn't seem to work against my system (I see no strange processes
running; all files changed in past ten days look normal).
I am cross-posting this message and the attached tcpdump packet capture
file to the following places to let better people than I analyze it:
-Jay Libove, CISSP
- application/octet-stream attachment: ssh2.tcpdump