Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: SSH attacks - anyone else seen these?
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 16 Oct 2007 13:34:18 -0600




On 10/16/07 11:06 AM, "Tim" <secnews () sp1r1t de> wrote:

I've recently noticed this in my logs:

Oct 15 15:30:04 mysrv sshd[9563]: Bad protocol version
identification 'POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/..
%01/..%01/..%01/..%01/..%01/..%01/..%01' from 59.106.20.158

Oct  1 17:14:51 mysrv sshd[9915]: Bad protocol version
identification '\377\364\377\375\006\377\364\377\375\006\377\364\377\375\006'
from 84.58.87.123
Oct  1 17:15:13 airrocket sshd[11982]: Bad protocol version identification ''
from 84.58.87.123

Did anyone else notice similar things? Does anyone know what vulnerability
they are attacking?

Thanks,


Nothing in my logs..just out of curiosity, are you running sshd with
protocol version 1, 2, or both?

James



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]