Re: sshd [871] random session key or cracked?
From: stor-sten (private@private.com)Date: 01/26/02
- Previous message: gaius.petronius: "sshd [871] random session key or cracked?"
- In reply to: gaius.petronius: "sshd [871] random session key or cracked?"
- Next in thread: Markus Friedl: "Re: sshd [871] random session key or cracked?"
- Reply: Markus Friedl: "Re: sshd [871] random session key or cracked?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: private@private.com (stor-sten) Date: Sat, 26 Jan 2002 04:25:56 GMT
correct, it is regenerating the key it provides to new connections.
the 'did not receive identification string' is MOST likely one of two
things:
1) someone telnet'ed to port 22 on your host and then disconnected without
sending any data.
2) some script kidding flew by with a root-kit-exploit-in-a-box port
scanner trying to look for UseLogin=Yes OpenSSH <v3.x hosts on which to
install his l33t r00tk1t. :P
paranoid rhetoric aside, neither is anything to worry about, likely.
If you're really worried, I suggest installing snort and/or updating your
sshd, and/or installing ipfilters/chains/tables to block incoming access to
known IPs
stor
- Next message: Markus Friedl: "Re: Newbie question: SSH2 and public-key authentication safe?"
- Previous message: gaius.petronius: "sshd [871] random session key or cracked?"
- In reply to: gaius.petronius: "sshd [871] random session key or cracked?"
- Next in thread: Markus Friedl: "Re: sshd [871] random session key or cracked?"
- Reply: Markus Friedl: "Re: sshd [871] random session key or cracked?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
