Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: remote openssh probe or crack?.

From: Skip Carter <skip () taygeta com>
Date: Wed, 12 Jun 2002 21:33:27 -0700


Hello,

I got these lines in "messages" in a RedHat 6.2 box:

Jun 10 09:51:57 server sshd[9100]: Did not receive identification string 
from 64.90.65.19
Jun 10 09:52:06 server sshd[9117]: Did not receive identification string
from 64.90.65.19
Jun 11 03:07:56 server sshd[8684]: Did not receive identification string
from 216.127.64.48 
Jun 11 03:07:56 server sshd[8688]: Did not receive
identification string from 216.127.64.48
Jun 12 08:14:03 server sshd[22853]: Did not receive identification string
from 61.84.218.135 
Jun 12 08:14:05 server sshd[22871]: Did not receive
identification string from 61.84.218.135

I guess they're related to the latest openssh vulnerability, but I don't
know if this could be caused by a succesful remote exploitation or if this
is just a probe/scan. Any comments on this are appreciated.


   This is probably just a probe designed to find and wake up your sshd server 
and
   identify which one it is from the response.



-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip () taygeta com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            












----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: