Security Incidents mailing list archives

Re: Voluminous SSHd scanning; possible worm activity?


From: Armando Ortiz <aortiz () onlinetraffic com>
Date: 10 Dec 2001 12:22:04 -0800

The scans have to do with someone searching for SSH Protocol 1 CRC32
Compensation vulnerabilities.

I would disable SSH1 and use SSH2.

Regards.

On Sun, 2001-12-09 at 12:23, Jay D. Dyson wrote:
-----BEGIN PGP SIGNED MESSAGE-----

Hi folks,

      I've been seeing a lot of SSHd scans of late.  That in itself
isn't odd, but the sheer volume of the scans is what's got my attention. 
These sorts of scans used to occur infrequently, but now they're coming
within minutes of each other, and they're coming from all over the globe. 

      It's not in my nature to speculate wildly, but the sheer volume of
these scans, coupled with the variety of their origins (not to mention the
timing) leads me to wonder if a worm isn't at play here.

      Has anyone else seen this sort of thing from their systems?
-- 
-----------------------------------------------------------------
 From the Linux Box of Armando Ortiz
                       System Administrator
                       OnLineTraffic.com
 Email:  aortiz () onlinetraffic com
 Download my public key from:
  ftp://209.185.214.98/pub/pubkeys/aortiz () onlinetraffic com pub
   or retrieve it from
  http://www.keyserver.net as aortiz () onlinetraffic com
                             (Public Key expires 01/04/2002)
       All emails from me are signed by this public key.
-----------------------------------------------------------------
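
An added example, not part of the original messages: a Python check a defender could run against their own hosts to follow the advice above to disable SSH1. It classifies the server's identification string (a protocol version of `1.99` means the server accepts both protocol 1 and 2, per RFC 4253 section 5.1) and reads the `Protocol` keyword from `sshd_config`. The sample banners and config text are constructed, and the `2,1` default used when no `Protocol` line is present is an assumption about the sshd build in use.

```python
import re

# Identification string: SSH-<protoversion>-<softwareversion>
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")

def banner_protocols(banner):
    """Return the SSH protocol major versions a server banner advertises."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return set()
    proto = m.group(1)
    if proto == "1.99":  # compatibility marker: server speaks both 1 and 2
        return {1, 2}
    return {int(proto.split(".")[0])}

def config_protocols(config_text, default=(2, 1)):
    """Return protocol versions enabled by the first 'Protocol' keyword.

    `default` is an assumption: what this sshd does with no Protocol line.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            # sshd uses the first value it sees for a keyword
            return {int(v) for v in parts[1].split(",") if v.strip().isdigit()}
    return set(default)

def audit(banner, config_text):
    """List findings that mean protocol 1 is still reachable on this host."""
    findings = []
    if 1 in banner_protocols(banner):
        findings.append("banner advertises SSH protocol 1")
    if 1 in config_protocols(config_text):
        findings.append("sshd_config enables SSH protocol 1")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    before = audit("SSH-1.99-OpenSSH_3.0.1p1", "Port 22\n#Protocol 2\n")
    after = audit("SSH-2.0-OpenSSH_3.0.1p1", "Port 22\nProtocol 2\n")
    print("before:", before)
    print("after: ", after)
```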
