Re: remote openssh probe or crack?.

From: Christian Vogel (chris@obelix.hedonism.cx)
Date: 06/13/02


From: Christian Vogel <chris@obelix.hedonism.cx>
Date: Thu, 13 Jun 2002 09:28:25 +0200
To: "Lic. Rodolfo Gonzalez Gonzalez" <rgg@cs.buap.mx>

Hi,

> Jun 10 09:51:57 server sshd[9100]: Did not receive identification string
> from 64.90.65.19

This message is generated when one connects to a ssh-daemon and instantly
disconnects again (so one doesn not send an identification string).

Most likely this is someone scanning for open ports in general or for
specific ssh-versions.

Just upgrade to the newest version on http://www.openssh.com/ and you
should be safe, for redhat 6.2 you may be interested in this:

ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/rpm/README

        Chris

-- 
Seeing my great fault
Through darkening blue windows
I begin again
-- Chris Walsh

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com