Bugtraq mailing list archives
Re: SSH attacks - anyone else seen these?
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 16 Oct 2007 13:34:18 -0600
On 10/16/07 11:06 AM, "Tim" <secnews () sp1r1t de> wrote:
> I've recently noticed this in my logs:
>
> Oct 15 15:30:04 mysrv sshd[9563]: Bad protocol version identification 'POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/.. %01/..%01/..%01/..%01/..%01/..%01/..%01' from 59.106.20.158
> Oct 1 17:14:51 mysrv sshd[9915]: Bad protocol version identification '\377\364\377\375\006\377\364\377\375\006\377\364\377\375\006' from 84.58.87.123
> Oct 1 17:15:13 airrocket sshd[11982]: Bad protocol version identification '' from 84.58.87.123
>
> Did anyone else notice similar things? Does anyone know what vulnerability they are attacking?
>
> Thanks,

Nothing in my logs. Just out of curiosity, are you running sshd with protocol version 1, 2, or both?

James
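
As an added example (not part of the original post or thread), here is a short Python triage of "Bad protocol version identification" lines like the ones quoted above: it decodes the octal escapes in the logged banner and labels each entry by the protocol the client was actually speaking. The function names and category labels are assumptions made for this sketch; the sample input is the three quoted log lines.

```python
import re

# Sample input: the three sshd lines quoted in the post above.
SAMPLE_LOG = r"""
Oct 15 15:30:04 mysrv sshd[9563]: Bad protocol version identification 'POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/.. %01/..%01/..%01/..%01/..%01/..%01/..%01' from 59.106.20.158
Oct 1 17:14:51 mysrv sshd[9915]: Bad protocol version identification '\377\364\377\375\006\377\364\377\375\006\377\364\377\375\006' from 84.58.87.123
Oct 1 17:15:13 airrocket sshd[11982]: Bad protocol version identification '' from 84.58.87.123
"""

LINE_RE = re.compile(r"sshd\[\d+\]: Bad protocol version identification '(?P<banner>.*)' from (?P<ip>\S+)")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")
TELNET_CMDS = {244: "IP", 251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

def decode_banner(text):
    """Turn the \\ooo octal escapes logged for non-printable bytes back into raw bytes."""
    raw = text.encode("latin-1", "replace")
    return re.sub(rb"\\([0-3][0-7]{2})", lambda m: bytes([int(m.group(1), 8)]), raw)

def telnet_commands(raw):
    """List Telnet commands (IAC = 0xFF followed by a command byte) found in raw."""
    cmds, i = [], 0
    while i + 1 < len(raw):
        if raw[i] != 0xFF:
            i += 1
            continue
        cmd = raw[i + 1]
        name = TELNET_CMDS.get(cmd, str(cmd))
        if 251 <= cmd <= 254 and i + 2 < len(raw):  # WILL/WONT/DO/DONT carry an option byte
            cmds.append(f"IAC {name} {raw[i + 2]}")
            i += 3
        else:
            cmds.append(f"IAC {name}")
            i += 2
    return cmds

def classify(raw):
    if not raw:
        return "empty"          # client connected but sent no identification string
    if raw.startswith(HTTP_METHODS):
        return "http-request"   # an HTTP client (or scanner) talking to the SSH port
    if telnet_commands(raw):
        return "telnet-iac"     # Telnet control bytes instead of an SSH banner
    return "other"

def triage(log_text):
    """Return (source_ip, category, raw_banner) for each matching log line."""
    hits = ((m.group("ip"), decode_banner(m.group("banner"))) for m in LINE_RE.finditer(log_text))
    return [(ip, classify(raw), raw) for ip, raw in hits]
```

On the sample, the second entry decodes to `IAC IP` followed by `IAC DO 6` (Timing Mark), repeated three times, which is the byte sequence a Telnet client emits for an interrupt.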