[VulnWatch] SSH login attempts: tcpdump packet capture

From: Jay Libove (libove_at_felines.org)
Date: 08/01/04

  • Next message: vulnwatch_at_exocet.ca: "[VulnWatch] Security issue with PuTTY v.54"
    Date: Sun, 1 Aug 2004 14:15:12 -0400
    To: <vulnwatch@vulnwatch.org>

    I got a packet capture of one of the SSH2 sessions trying to log in as a
    couple of illegal usernames. The contents of one packet suggest an
    attempt to buffer overflow the SSH server; ethereal's SSH decoding says
    "overly large value".

    It didn't seem to work against my system (I see no strange processes
    running; all files changed in past ten days look normal).

    I am cross-posting this message and the attached tcpdump packet capture
    file to the following places to let better people than I analyze it:
            openssh-unix-dev@mindrot.org
            secureshell@securityfocus.com
            full-disclosure@lists.netsys.com
            vulnwatch@vulnwatch.org

    -Jay Libove, CISSP
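
Added example, not part of the original message and not ethereal's own logic: one way to check the length fields in the cleartext start of an SSH2 stream, which is where a decoder note such as "overly large value" would come from. It assumes the capture has been reassembled into one direction's TCP byte stream; the function names and sample bytes are constructed for illustration, and the 35000-byte bound is used as a heuristic threshold.

```python
import struct

MAX_PACKET = 35000  # RFC 4253 6.1: total packet size every implementation must accept
SSH_MSG_KEXINIT, SSH_MSG_NEWKEYS = 20, 21

def check_kexinit(payload, base):
    """Validate the ten name-list length fields of a KEXINIT payload."""
    pos = 1 + 16                                   # message type + cookie
    for i in range(10):
        if pos + 4 > len(payload):
            return [f"offset {base + pos}: KEXINIT truncated before name-list {i}"]
        (n,) = struct.unpack_from(">I", payload, pos)
        if n > len(payload) - pos - 4:
            return [f"offset {base + pos}: name-list {i} length {n} exceeds payload"]
        pos += 4 + n
    return []

def check_stream(data):
    """Walk the unencrypted start of one direction of an SSH2 TCP stream."""
    nl = data.find(b"\n")
    if not data.startswith(b"SSH-") or nl < 0:
        return ["no SSH identification string"]
    off, findings = nl + 1, []
    while off + 6 <= len(data):
        plen, pad = struct.unpack_from(">IB", data, off)
        if plen > MAX_PACKET or plen < pad + 2:
            findings.append(f"offset {off}: implausible packet_length {plen}")
            break                                  # cannot resynchronise after a bad length
        payload = data[off + 5 : off + 4 + plen - pad]
        if payload[0] == SSH_MSG_KEXINIT:
            findings += check_kexinit(payload, off + 5)
        off += 4 + plen
        if payload[0] == SSH_MSG_NEWKEYS:
            break                                  # everything after NEWKEYS is encrypted
    return findings

def packet(payload, pad=4):
    """Frame a payload as an unencrypted SSH binary packet (constructed test data)."""
    return struct.pack(">IB", len(payload) + pad + 1, pad) + payload + bytes(pad)

def kexinit(lists):
    """Build a KEXINIT payload from ten name-lists (constructed test data)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    body += b"".join(struct.pack(">I", len(x)) + x for x in lists)
    return body + b"\x00" + bytes(4)

# Constructed samples: a well-formed exchange, and a KEXINIT whose first name-list claims ~4 GiB.
BANNER = b"SSH-2.0-example\r\n"
GOOD = BANNER + packet(kexinit([b"alg"] * 10)) + packet(bytes([SSH_MSG_NEWKEYS]))
_kex = kexinit([b"alg"] * 10)
BAD = BANNER + packet(_kex[:17] + struct.pack(">I", 0xFFFFFFF0) + _kex[21:])
```

The walk stops at SSH_MSG_NEWKEYS because later packets are encrypted and their length fields cannot be read from a capture without the session keys.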