Re: SSH attacks - anyone else seen these?
- From: James Lay <jlay@xxxxxxxxxxxxxxxxxxx>
- Date: Tue, 16 Oct 2007 13:34:18 -0600
On 10/16/07 11:06 AM, "Tim" <secnews@xxxxxxxxx> wrote:
I've recently noticed this in my logs:
Oct 15 15:30:04 mysrv sshd[9563]: Bad protocol version
identification 'POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/..
%01/..%01/..%01/..%01/..%01/..%01/..%01' from 59.106.20.158
Oct 1 17:14:51 mysrv sshd[9915]: Bad protocol version
identification '\377\364\377\375\006\377\364\377\375\006\377\364\377\375\006'
from 84.58.87.123
Oct 1 17:15:13 airrocket sshd[11982]: Bad protocol version identification ''
from 84.58.87.123
Did anyone else notice similar things? Does anyone know what vulnerability
they are attacking?
Thanks,
Nothing in my logs..just out of curiosity, are you running sshd with
protocol version 1, 2, or both?
James
- Follow-Ups:
- References:
- SSH attacks - anyone else seen these?
- From: Tim
- SSH attacks - anyone else seen these?
- Prev by Date: Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module
- Next by Date: Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances
- Previous by thread: Re: SSH attacks - anyone else seen these?
- Next by thread: Re: SSH attacks - anyone else seen these?
- Index(es):
Relevant Pages
|
|
