Security Incidents mailing list archives
Re: MASSIVE ssh attack attempt
From: core.lists.incidents () CORE-SDI COM (Alberto Soliño)
Date: Wed, 16 Feb 2000 17:20:41 -0300
Hey:

Mark Shirley wrote:
> Our network has been receiving massive amounts of ssh connection attempts in a short period of time.
>
> Feb 15 22:02:13 entropy2 iplog[24745]: TCP: ssh connection attempt from 210.134.59.39:1297

It could be a lot of things, but the same output happens when an attacker is trying to exploit the buffer overflow in RSAREF/SSH (1.2.27 and earlier).

You could check the advisory at:
http://www.core-sdi.com/advisories/buffer_over_ing.htm
and
http://www.securityfocus.com/vdb/bottom.html?vid=843

--
==================[ CORE Seguridad de la Informacion S.A. ]=========
Alberto Soliño  mailto:asolino () core-sdi com
Pte. Juan D. Peron 315 Piso 4 UF 17  http://www.core-sdi.com
1038 Capital Federal
Buenos Aires, Argentina.  Tel/Fax : +(54.11)43.31.54.02
Casilla de Correos 877 (1000) Correo Central
====================================================================
--
"Simplicity is the highest goal, achievable when you have overcome all difficulties." F. Chopin
---
For a personal reply use asolino () core-sdi com
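An added example, not part of the original message: one way to quantify "massive amounts in a short period" from iplog output is to count ssh connection attempts per source address inside a sliding time window. The function names, the threshold of 5 attempts and the 10-second window are assumptions; apart from the first log line, which is the one quoted above, the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line layout taken from the iplog entry quoted in the message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ iplog\[\d+\]: "
    r"TCP: ssh connection attempt from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+$"
)

def parse(line, year=2000):
    """Return (timestamp, source_ip), or None for lines that are not ssh attempts."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies one (assumption).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"]

def find_bursts(lines, threshold=5, window=timedelta(seconds=10), year=2000):
    """Map each source to its peak attempt count in any window, if >= threshold."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse(line, year)
        if rec:
            by_src[rec[1]].append(rec[0])
    bursts = {}
    for src, times in by_src.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[src] = peak
    return bursts

# Constructed sample: six attempts in three seconds from the quoted source
# (the first line is the one from the message), plus two widely spaced
# attempts from a documentation-range address.
SAMPLE = [
    f"Feb 15 22:02:{13 + i // 2:02d} entropy2 iplog[24745]: "
    f"TCP: ssh connection attempt from 210.134.59.39:{1297 + i}"
    for i in range(6)
] + [
    "Feb 15 22:05:40 entropy2 iplog[24745]: TCP: ssh connection attempt from 192.0.2.10:1025",
    "Feb 15 22:41:02 entropy2 iplog[24745]: TCP: ssh connection attempt from 192.0.2.10:1031",
]

if __name__ == "__main__":
    print(find_bursts(SAMPLE))
```

A burst count only tells you which sources to look at first; it does not separate an exploit attempt from a scan, so the sshd version on the targeted hosts still needs checking against the advisory.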