Re: OpenSSH anomaly

From: Paul Schmehl (pauls_at_utdallas.edu)
Date: 02/22/04

Next message: Benjamin Franz: "Re: OpenSSH anomaly"

Previous message: Benjamin Franz: "OpenSSH anomaly"
In reply to: Benjamin Franz: "OpenSSH anomaly"
Next in thread: Benjamin Franz: "Re: OpenSSH anomaly"
Reply: Benjamin Franz: "Re: OpenSSH anomaly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 22 Feb 2004 13:12:17 -0600
To: Benjamin Franz <snowhare@nihongo.org>, incidents@securityfocus.com

--On Sunday, February 22, 2004 9:45 AM -0800 Benjamin Franz
<snowhare@nihongo.org> wrote:

>
> I'm running a RedHat Enterprise 3 ES server that has been running fairly
> reliably for a month. This morning we could not remotely login to the
> server via SSH because openssh would terminate the connection immediately
> (no delay) after apparently successfully logging in - without giving a
> prompt. We are current on patches up to Feb 1 with the exception of the
> kernel which is RHES 2.4.21-4.0.1.ELsmp. A console reboot succeeded in
> restoring connectivity. We couldn't find any footprints in any log or any
> suspicious file activity. No record of the failed logins (we attempted
> using both pubkey and password) were in the logs. The openssh version is
> RedHat's 3.6.1p2-18.
>
> Has anyone else seen something similar?
>
Sounds like tcpwrappers was rejecting the login. Check /var/log/messages
to see if the reverse lookup on the remote IP was failing. If it was, you
might have to add that IP to the /etc/hosts.allow file.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_incidents_040219
----------------------------------------------------------------------------

Next message: Benjamin Franz: "Re: OpenSSH anomaly"

Previous message: Benjamin Franz: "OpenSSH anomaly"
In reply to: Benjamin Franz: "OpenSSH anomaly"
Next in thread: Benjamin Franz: "Re: OpenSSH anomaly"
Reply: Benjamin Franz: "Re: OpenSSH anomaly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]