Re: remote openssh probe or crack?.
From: Josha Bronson (dmuz@slartibartfast.angrypacket.com)Date: 06/13/02
- Previous message: Ian Reynolds: "Re: DSL Modem or Router Cracked?"
- In reply to: Lic. Rodolfo Gonzalez Gonzalez: "remote openssh probe or crack?."
- Next in thread: steveg: "Odd traffic on port 7002 need help figuring it out."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Jun 2002 19:34:26 -0700 From: Josha Bronson <dmuz@slartibartfast.angrypacket.com> To: "Lic. Rodolfo Gonzalez Gonzalez" <rgg@cs.buap.mx>
On Wed, Jun 12, 2002 at 06:13:08PM -0500, Lic. Rodolfo Gonzalez Gonzalez said:
> I got these lines in "messages" in a RedHat 6.2 box:
Ooh, make sure you got all the pathces. ;)
> Jun 10 09:51:57 server sshd[9100]: Did not receive identification string
> from 64.90.65.19
> Jun 10 09:52:06 server sshd[9117]: Did not receive identification string
[snip...]
>
> I guess they're related to the latest openssh vulnerability, but I don't
> know if this could be caused by a succesful remote exploitation or if this
> is just a probe/scan. Any comments on this are appreciated.
These can, I am pretty sure, be caused by just a connection to your
sshd. Usualy this is with somethng that is not really interested in
talking ssh (like a banner grabber or netcat).
-- Josha Bronson dmuz@angrypacket.com AngryPacket Security---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: Ian Reynolds: "Re: DSL Modem or Router Cracked?"
- In reply to: Lic. Rodolfo Gonzalez Gonzalez: "remote openssh probe or crack?."
- Next in thread: steveg: "Odd traffic on port 7002 need help figuring it out."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
