Security Incidents mailing list archives

Re: MASSIVE ssh attack attempt


From: core.lists.incidents () CORE-SDI COM (Alberto Soliño)
Date: Wed, 16 Feb 2000 17:20:41 -0300


Hey:

Mark Shirley wrote:

Our network has been receiving massive amounts of ssh connection attempts in a short period of time.

Feb 15 22:02:13 entropy2 iplog[24745]: TCP: ssh connection attempt from 210.134.59.39:1297

It could be a lot of things, but the same output happens when an
attacker is trying to exploit the buffer overflow in RSAREF/SSH (1.2.27
and earlier).

You could check the advisory at:

http://www.core-sdi.com/advisories/buffer_over_ing.htm

and 

http://www.securityfocus.com/vdb/bottom.html?vid=843


-- 
==================[ CORE Seguridad de la Informacion S.A. ]=========
Alberto Soliño                        mailto:asolino () core-sdi com
Pte. Juan D. Peron 315 Piso 4 UF 17   http://www.core-sdi.com
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54.11)43.31.54.02
Casilla de Correos 877 (1000) Correo Central
====================================================================
--
"Simplicity is the highest goal, achievable when you have overcome 
all difficulties." F. Chopin

--- For a personal reply use asolino () core-sdi com
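
Added example (not part of the original message, and not code from iplog or CORE-SDI): a sliding-window counter over iplog lines in the format quoted above, reporting sources that open many ssh connections in a short period. The threshold, window, assumed year and the sample lines are constructed for illustration, and the lines are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# iplog line format as quoted in the message above. Syslog timestamps carry
# no year, so one is supplied by the caller (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ iplog\[\d+\]: "
    r"TCP: ssh connection attempt from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+$"
)

def parse_line(line, year=2000):
    """Return (timestamp, source_ip) for an iplog ssh line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"]

def find_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Map source IP -> peak attempts inside any sliding window, for
    sources that reach `threshold`. Lines must be in time order."""
    recent = defaultdict(deque)   # per-source timestamps still in the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # not an iplog ssh connection line
        ts, src = parsed
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

# Constructed sample: one source bursting, one source connecting rarely,
# and one unrelated line. Addresses are documentation ranges.
SAMPLE = [
    f"Feb 15 22:02:{13 + i:02d} entropy2 iplog[24745]: "
    f"TCP: ssh connection attempt from 192.0.2.10:{1297 + i}" for i in range(6)
] + [
    "Feb 15 22:03:40 entropy2 iplog[24745]: TCP: ssh connection attempt from 198.51.100.7:4021",
    "Feb 15 22:09:02 entropy2 iplog[24745]: TCP: ssh connection attempt from 198.51.100.7:4022",
    "Feb 15 22:09:05 entropy2 sshd[311]: unrelated constructed line",
]

if __name__ == "__main__":
    print(find_bursts(SAMPLE))
```

A burst alone does not identify the cause; as the message says, it could be a lot of things, so the result is a starting point for checking the sshd version against the advisories.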


