Security Incidents mailing list archives

Re: MASSIVE ssh attack attempt

From: core.lists.incidents () CORE-SDI COM (Alberto Soliño)
Date: Fri, 25 Feb 2000 12:44:31 -0300

Hi:

Since the targets appear to all be the same machine, it doesn't seem likely
that this would be looking for the RSAREF problem. After all, if the
first connect doesn't compromise the host, 2 through N won't either.


Yes it could, the exploit actually makes a lot of connections tryin' to
find the correct offset to jump.

-- 
==================[ CORE Seguridad de la Informacion S.A. ]=========
Alberto SoliÃ±o                        mailto:asolino () core-sdi com
Pte. Juan D. Peron 315 Piso 4 UF 17   http://www.core-sdi.com
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54.11)43.31.54.02
Casilla de Correos 877 (1000) Correo Central
====================================================================
--
"Simplicity is the highest goal, achievable when you have overcome 
all difficulties." F. Chopin

--- For a personal reply use asolino () core-sdi com

Current thread:

Re: MASSIVE ssh attack attempt Alberto Soliño (Feb 16)
- <Possible follow-ups>
- Re: MASSIVE ssh attack attempt Jeffrey D. Carter (Feb 23)
- Re: MASSIVE ssh attack attempt Iván Arce (Feb 24)
- Re: MASSIVE ssh attack attempt Alberto Soliño (Feb 25)