Security Incidents mailing list archives
Re: Voluminous SSHd scanning; possible worm activity?
From: Armando Ortiz <aortiz () onlinetraffic com>
Date: 10 Dec 2001 12:22:04 -0800
The scans have to do with someone searching for SSH Protocol 1 CRC32 Compensation vulnerabilities. I would disable SSH1 and use SSH2. Regards. On Sun, 2001-12-09 at 12:23, Jay D. Dyson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hi folks, I've been seeing a lot of SSHd scans of late. That in itself isn't odd, but the sheer volume of the scans is what's got my attention. These sorts of scans used to occur infrequently, but now they're coming within minutes of each other, and they're coming from all over the globe. It's not in my nature to speculate wildly, but the sheer volume of these scans, coupled with the variety of their origins (not to mention the timing) leads me to wonder if a worm isn't at play here. Has anyone else seen this sort of thing from their systems?
-- ----------------------------------------------------------------- From the Linux Box of Armando Ortiz System Administrator OnLineTraffic.com Email: aortiz () onlinetraffic com Download my public key from: ftp://209.185.214.98/pub/pubkeys/aortiz () onlinetraffic com pub or retrieve it from http://www.keyserver.net as aortiz () onlinetraffic com (Public Key expires 01/04/2002) All emails from me are signed by this public key. -----------------------------------------------------------------
Attachment:
_bin
Description:
Current thread:
- Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Armando Ortiz (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Russell Fulton (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Jacek Lipkowski (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Glenn Forbes Fleming Larratt (Dec 16)
- Re: Voluminous SSHd scanning; possible worm activity? Clarissa Cook (Dec 17)
- <Possible follow-ups>
- Re: Voluminous SSHd scanning; possible worm activity? Neil Dickey (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10)
(Thread continues...)