RE: Voluminous SSHd scanning; possible worm activity ?

["Gommers, Joep" <JGommers () gfo nl>]

If i has taken a picture of the screen i was looking at, yes .. but no .. i
didn't.
i suggest u download that X2 exploit i found at my site:
www.cb3rob.net/~rvdv/ssh/x21.tgz.
There is a targets file, that contains information used to exploit serveral
versions. I saw  (i love that ttysnoop) somebody exploit a 2.0.x SSHd with
this exploit but with other targets i think.

Version 2.9.2 has a exploit that's for sure. The rumor is that TESO made it,
and it somehow reased some other underground 'crews' or 'groups'. Also i am
trying to find more informatino on the local exploit for SSHD 2.4.0. More
information on that soon.

Hope this can be of any help. Personally im gettin' sick and tired of all
those SSHD bugs etc. so i'm back to other remote administration programs.

Sincerely,
joep



On Tue, Dec 11, 2001 at 02:12:24PM +0100, Gommers, Joep wrote:
> Also SSH versions 2.0.x and 2.9.2 have not yet published exploit around.

Do you have information to back this rumor?

Thanks, -markus

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com