Re: remote openssh probe or crack?.

From: Josha Bronson (
Date: 06/13/02

Date: Wed, 12 Jun 2002 19:34:26 -0700
From: Josha Bronson <>
To: "Lic. Rodolfo Gonzalez Gonzalez" <>

On Wed, Jun 12, 2002 at 06:13:08PM -0500, Lic. Rodolfo Gonzalez Gonzalez said:
> I got these lines in "messages" in a RedHat 6.2 box:

Ooh, make sure you got all the pathces. ;)

> Jun 10 09:51:57 server sshd[9100]: Did not receive identification string
> from
> Jun 10 09:52:06 server sshd[9117]: Did not receive identification string
> I guess they're related to the latest openssh vulnerability, but I don't
> know if this could be caused by a succesful remote exploitation or if this
> is just a probe/scan. Any comments on this are appreciated.

These can, I am pretty sure, be caused by just a connection to your
sshd. Usualy this is with somethng that is not really interested in
talking ssh (like a banner grabber or netcat).

Josha Bronson
AngryPacket Security

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: