Re: SSH CRC32? What am I seeing?

[SecLists <lists () secure stargate net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It may be but it looks more like someone telnetted to port 22 and wanted
to see what version of sshd you have and then tried to disconnect a few
times...

thanks,
shawn

On Wed, 21 Nov 2001, Shaun Dewberry wrote:

> Hi All,
>
> Received these strange probes this afternoon, can anyone tell me what they
> are? (I suspect it is SSH CRC32 exploit, but need confirmation). I found
> this in my logs right before a couple of cgi-bin exploit attempts. (my host
> is caffeine.co.za)
>
> Nov 21 16:11:21 fw sshd[30930]: Bad protocol version identification
> '^Ccaffeine.co.za^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^V^Cexit  ' from
> 196.11.239.43
> Nov 21 16:11:45 fw sshd[30937]: fatal: Read from socket failed: Connection
> reset by peer
>
> Thanks
> Shaun Dewberry.
>
> VERANG (Pty) Ltd
> http://www.verang.co.za
> Tel: +27 11 395 3310
> Fax: +27 11 395 3971
> Mobile: +27 83 415 5201
>
>  .*.
>  /V\
> (/ \)
> (   )
> ^^-^^
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7+9f43Qw8DHute6kRAvH3AJ9aJUNZFI93wCWP8JkgFcz9/u5uJgCeKVaI
ubGQdDEbedKTayVa4YHfo+I=
=j5cp
-----END PGP SIGNATURE-----



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com