Security Incidents mailing list archives
Re: SSH CRC32? What am I seeing?
From: SecLists <lists () secure stargate net>
Date: Wed, 21 Nov 2001 11:36:02 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It may be but it looks more like someone telnetted to port 22 and wanted to see what version of sshd you have and then tried to disconnect a few times... thanks, shawn On Wed, 21 Nov 2001, Shaun Dewberry wrote:
Hi All, Received these strange probes this afternoon, can anyone tell me what they are? (I suspect it is SSH CRC32 exploit, but need confirmation). I found this in my logs right before a couple of cgi-bin exploit attempts. (my host is caffeine.co.za) Nov 21 16:11:21 fw sshd[30930]: Bad protocol version identification '^Ccaffeine.co.za^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^V^Cexit ' from 196.11.239.43 Nov 21 16:11:45 fw sshd[30937]: fatal: Read from socket failed: Connection reset by peer Thanks Shaun Dewberry. VERANG (Pty) Ltd http://www.verang.co.za Tel: +27 11 395 3310 Fax: +27 11 395 3971 Mobile: +27 83 415 5201 .*. /V\ (/ \) ( ) ^^-^^ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: For info see http://www.gnupg.org iD8DBQE7+9f43Qw8DHute6kRAvH3AJ9aJUNZFI93wCWP8JkgFcz9/u5uJgCeKVaI ubGQdDEbedKTayVa4YHfo+I= =j5cp -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- SSH CRC32? What am I seeing? Shaun Dewberry (Nov 21)
- Re: SSH CRC32? What am I seeing? SecLists (Nov 21)
- Re: SSH CRC32? What am I seeing? Jose Nazario (Nov 21)
- Re: SSH CRC32? What am I seeing? Martin Roesch (Nov 21)