Security Incidents mailing list archives

Re: remote openssh probe or crack?.

From: Christian Vogel <chris () obelix hedonism cx>
Date: Thu, 13 Jun 2002 09:28:25 +0200

Hi,

Jun 10 09:51:57 server sshd[9100]: Did not receive identification string 
from 64.90.65.19


This message is generated when one connects to a ssh-daemon and instantly
disconnects again (so one doesn not send an identification string).

Most likely this is someone scanning for open ports in general or for
specific ssh-versions.

Just upgrade to the newest version on http://www.openssh.com/ and you
should be safe, for redhat 6.2 you may be interested in this:

ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/rpm/README

        Chris

-- 
Seeing my great fault
Through darkening blue windows
I begin again
-- Chris Walsh

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

remote openssh probe or crack?. Lic. Rodolfo Gonzalez Gonzalez (Jun 12)
- Re: remote openssh probe or crack?. Josha Bronson (Jun 13)
- Odd traffic on port 7002 need help figuring it out. steveg (Jun 13)
  - Re: Odd traffic on port 7002 need help figuring it out. nito (Jun 13)
    - Re: Odd traffic on port 7002 need help figuring it out. steveg (Jun 13)
- Re: remote openssh probe or crack?. Justin Coffey (Jun 13)
- Re: remote openssh probe or crack?. Oblek (Jun 13)
- Re: remote openssh probe or crack?. Skip Carter (Jun 13)
  - Re: remote openssh probe or crack?. Nate Campi (Jun 13)
- Re: remote openssh probe or crack?. woof (Jun 13)
- Re: remote openssh probe or crack?. Christian Vogel (Jun 13)
- <Possible follow-ups>
- Re: remote openssh probe or crack?. m () rl206 org (Jun 13)
  - Re: remote openssh probe or crack?. Rich Henning (Jun 14)
  - Re: remote openssh probe or crack?. gabriel rosenkoetter (Jun 14)