Security Incidents mailing list archives
Re: SSH attacks?
From: Jyri Hovila <jyri.hovila () iki fi>
Date: Wed, 28 Jul 2004 22:05:24 +0300
Hi again! It seems that at least one host has been rooted somehow relating to the scans we're seeing: http://www.dslreports.com/forum/remark,10854834~mode=flat~days=9999~start=60 I'm pretty sure there is a new SSH exploit around. At least this clearly isn't a brute force attack. As we are seeing lots of scans, but only few rooted hosts, it really doesn't look like a worm either. Someone seems to be scanning for vulnerable SSH daemons, obviously using previously rooted hosts, and then roots vulnerable hosts of his/her choice manually. As I wrote in my previous message, I think it's a good choise to limit access to SSH until this issue is solved. - Jyri ################################################################## # This message has been checked for viruses using Qmail-Scanner. # # http://www.turvamies.fi # ##################################################################
Current thread:
- Re: SSH attacks?, (continued)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Pieter-Bas IJdens (Jul 30)
- Re: SSH attacks? Frank Knobbe (Jul 30)
- Re: SSH attacks? Jay D. Dyson (Jul 30)
- Re: SSH attacks? Frank Knobbe (Jul 31)
- Re: SSH attacks? mgotts (Jul 31)
- Re: SSH attacks? Steve Schuster (Jul 29)
- Re: SSH attacks? Merlijn Tishauser (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Chris Brenton (Jul 29)
- Re: SSH attacks? Valdis . Kletnieks (Jul 30)
- Re: SSH attacks? Thomas Hochstein (Jul 30)
- Re: SSH attacks? Matt Beland (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Marcus Merrin (Jul 29)