Security Incidents mailing list archives
Re: Attacks against SSH?
From: johan.augustsson () adm gu se
Date: Thu, 06 Dec 2001 08:01:04 +0100
Has anyone seen anything from this guy? It would be interesting to know what version of BIND and SSH he was running and if the logs showed anything at all. If he was running the latest versions of BIND and OpenSSH that RedHat has RPMs for and still got compromised I would like to know how that happened.

--------------------------------------------------------------------
Johan Augustsson            Phone:  +46 (0)31 773 1000
Incident Response Team      Fax:    +46 (0)31 773 1087
Göteborg University         E-mail: Johan.Augustsson () adm gu se
Sweden
--------------------------------------------------------------------

Renee Teunissen wrote:
I was running http/https (apache), smtp (postfix) and named. All with the latest versions. I saw several things in the logs which gave me the impression it was sshd. I will send this to the list as soon as I'm home.

Renee.

----- Original Message -----
From: <johan.augustsson () adm gu se>
To: "Renee Teunissen" <renee () wittenburg10c nl>
Sent: Tuesday, December 04, 2001 8:32 AM
Subject: Re: Attacks against SSH?

Renee Teunissen wrote:

The same seemed to happen to me last weekend, and am still investigating what went wrong. I thought, since I forgot to disable SSH-1, that this was the reason. Is it or not?

I'm running redhat 7.0 with all the latest security fixes, could not find anything on securityfocus nor packetstorm about this ssh-problem, am I fooled or what?

What services were running at the time of the intrusion? What versions? Did you restart sshd after upgrading it?

The following will tell you version and protocol of sshd

  % telnet 192.168.1.2 22
  Trying 192.168.1.2...
  Connected to 192.168.1.2
  Escape character is '^]'.
  SSH-2.0-OpenSSH_3.0.2p1
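The telnet banner check quoted in this message, written as an added Python example (not part of the original post or the list archive): it parses the SSH identification line and reports whether the server still offers protocol 1, where a protocol version of 1.99 means protocol 2 with protocol 1 compatibility enabled. The function names and the two sample banners other than the one shown in the thread are constructed for illustration.

```python
import socket
from typing import NamedTuple, Optional

class SshBanner(NamedTuple):
    proto: str          # e.g. "2.0", "1.99", "1.5"
    software: str       # e.g. "OpenSSH_3.0.2p1"
    ssh1_offered: bool  # True if the server will negotiate protocol 1

def parse_banner(line: str) -> Optional[SshBanner]:
    """Parse an 'SSH-<proto>-<software>[ comments]' identification line."""
    line = line.strip()
    if not line.startswith("SSH-"):
        return None
    parts = line.split("-", 2)
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    proto = parts[1]
    software = parts[2].split(" ", 1)[0]   # drop optional trailing comments
    # "1.99" = protocol 2 server that also accepts protocol 1;
    # any other 1.x value = protocol 1 only.
    return SshBanner(proto, software, proto.startswith("1."))

def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> Optional[SshBanner]:
    """Connect as the telnet check does and return the first SSH- line sent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        with s.makefile("r", encoding="ascii", errors="replace") as f:
            for _ in range(20):            # a server may send other lines first
                line = f.readline()
                if not line:
                    break
                banner = parse_banner(line)
                if banner:
                    return banner
    return None

def describe(b: SshBanner) -> str:
    if b.proto == "1.99":
        mode = "protocol 2 with protocol 1 still enabled"
    elif b.ssh1_offered:
        mode = "protocol 1 only"
    else:
        mode = "protocol 2 only"
    return f"{b.software}: {mode}"

if __name__ == "__main__":
    # First sample is the banner shown in the thread; the other two are constructed.
    for sample in ("SSH-2.0-OpenSSH_3.0.2p1", "SSH-1.99-OpenSSH_2.9p2", "SSH-1.5-1.2.27"):
        print(describe(parse_banner(sample)))
```

To check a host you administer, call `describe(read_banner("192.168.1.2"))` after restarting sshd, so the banner reflects the binary and configuration actually running.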