Security Incidents mailing list archives
Re: MASSIVE ssh attack attempt
From: core.lists.incidents () CORE-SDI COM (Iván Arce)
Date: Thu, 24 Feb 2000 21:45:23 -0300
"Jeffrey D. Carter" wrote:
> Automatic digest processor <LISTSERV () lists securityfocus com> writes:
> -------------------------------------------------------------------------
> | Date: Fri, 18 Feb 2000 15:15:03 -0800
> | From: Robert Graham <Robert.Graham () NETWORKICE COM>
> | Subject: Re: MASSIVE ssh attack attempt
> |
> | PCanywhere uses UDP/22 rather than TCP/22.
> |
> | http://www.robertgraham.com/pubs/firewall-seen.html#port22
> |
> | My guess is this is just a massive scan for the recent RSAREF bug.
> |
> | Rob.
> -------------------------------------------------------------------------
> Since the targets appear to all be the same machine, it doesn't seem likely
> that this would be looking for the RSAREF problem. After all, if the first
> connect doesn't compromise the host, 2 through N won't either.

That's not quite correct. The publicly available ssh/RSAREF exploit client has a command-line option to use a user-provided range of addresses to sweep to find the right offset.

-ivan

--
"Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house. Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce

==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A
email: iarce () core-sdi com
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.
Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================
--- For a personal reply use iarce () core-sdi com
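
An added example, not part of the original messages: one way to separate, in connection logs, the two port-22 patterns this thread discusses (a source spreading connects across many hosts versus a source hitting one host repeatedly), while keeping UDP/22 apart from TCP/22. The log line format, thresholds, function names and addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not from the original thread):
#   "<proto> <src_ip>:<sport> -> <dst_ip>:<dport>"
LINE_RE = re.compile(r"^(TCP|UDP) (\S+):\d+ -> (\S+):(\d+)$")

def build_sample():
    """Constructed sample traffic using documentation address ranges."""
    # One source connecting 40 times to the same host on TCP/22.
    lines = [f"TCP 192.0.2.10:{2000 + i} -> 198.51.100.5:22" for i in range(40)]
    # One source touching 40 different hosts once each on TCP/22.
    lines += [f"TCP 192.0.2.77:{3000 + i} -> 198.51.100.{i + 1}:22" for i in range(40)]
    # UDP/22 traffic, tracked separately from TCP/22.
    lines += [f"UDP 192.0.2.50:{4000 + i} -> 198.51.100.{i + 1}:22" for i in range(30)]
    lines += ["TCP 192.0.2.99:5000 -> 198.51.100.5:22"] * 2   # ordinary retry
    lines += ["TCP 192.0.2.10:6000 -> 198.51.100.5:80"]       # not port 22, ignored
    return lines

def classify_port22(lines, min_events=20, repeat_ratio=5.0):
    """Return {(proto, src): verdict} for port-22 traffic.

    repeat_ratio is the average number of connects per destination above
    which a source is treated as hammering the same host(s).
    """
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(4) != "22":
            continue
        proto, src, dst, _ = m.groups()
        counts[(proto, src)][dst] += 1
    verdicts = {}
    for key, dsts in counts.items():
        total = sum(dsts.values())
        if total < min_events:
            verdicts[key] = "low-volume"
        elif total / len(dsts) >= repeat_ratio:
            verdicts[key] = "repeated-connects-to-same-host"
        else:
            verdicts[key] = "sweep-across-hosts"
    return verdicts

if __name__ == "__main__":
    for (proto, src), verdict in sorted(classify_port22(build_sample()).items()):
        print(f"{proto}/22 from {src}: {verdict}")
```
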