Security Incidents mailing list archives

RE: Voluminous SSHd scanning; possible worm activity?

From: "Schroeder, Eric" <Eric.Schroeder () westgroup com>
Date: Mon, 10 Dec 2001 12:34:48 -0600

True, but the people scanning don't know what OS you are running until they
scan you.  I'll also be willing to bet that most of them are automated,
which won't take into account different OS's.


Eric Schroeder 
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ 
 Network Engineer  
 West Group, NAG  
 PH: 651.848.2868  
 E1-N113  
 Eric.Schroeder () westgroup com  
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ 



-----Original Message-----
From: Jay D. Dyson [mailto:jdyson () treachery net]
Sent: Monday, December 10, 2001 12:34 PM
To: Incidents List
Cc: Schroeder, Eric
Subject: RE: Voluminous SSHd scanning; possible worm activity?


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 10 Dec 2001, Schroeder, Eric wrote:

There was a recent vulnerability discovered in RedHat's OpenSSH. I
have included the RH notice on the fix.


        Thanks...but, um...I'm running Solaris 7.  So far, none of my
boxen seem to have been successfully penetrated; just scanned until they
squeal.

- -Jay

   (    (                                                        _______
   ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
 C|~~|C|~~| (>----- Jay D. Dyson -- jdyson () treachery net -----<) |    = |-'
  `--' `--'  `---------- Si vis pacem, para bellum. ----------'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBPBTyJrlDRyqRQ2a9AQGq+gP+LKSnsaYhNqn7x6JAsf18dbiIO5dS2v2r
ZN9GG9qDURNKAbBO61aWbMcm/JNMgC6HSnJrQXI8Fh2Ny1d1QWw1kPgoFPWNkc1G
kRF9LdFEA5f3wANm4AxXsti4CO2cT7icxqCJyuutBgeKz2uwOJuN7uJMMFOh7i6P
98g8UvNPIMk=
=Mdrg
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Re: Voluminous SSHd scanning; possible worm activity?, (continued)
- Re: Voluminous SSHd scanning; possible worm activity? Armando Ortiz (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Russell Fulton (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Jacek Lipkowski (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Glenn Forbes Fleming Larratt (Dec 16)
  - Re: Voluminous SSHd scanning; possible worm activity? Clarissa Cook (Dec 17)
- Re: Voluminous SSHd scanning; possible worm activity? Neil Dickey (Dec 10)
  - Re: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10)
  - RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
  - Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10)
  - Re: Voluminous SSHd scanning; possible worm activity? Florian Weimer (Dec 10)
    - Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 11)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 11)
  - RE: Voluminous SSHd scanning; possible worm activity? Damien Miller (Dec 11)
  - RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 11)
    - Re: Voluminous SSHd scanning; possible worm activity? Bertrand Lupart (Dec 12)
    - Re: Voluminous SSHd scanning; possible worm activity? Jonathan Bloomquist (Dec 13)
  - RE: Voluminous SSHd scanning; possible worm activity? jon schatz (Dec 11)
    - Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 12)
- RE: Voluminous SSHd scanning; possible worm activity? Gommers, Joep (Dec 12)

(Thread continues...)