Full Disclosure: SSH login attempts: tcpdump packet capture

From: Jay Libove <libove_at_felines.org>
Date: Sun, 1 Aug 2004 14:03:39 -0400

I got a packet capture of one of the SSH2 sessions trying to log in as a
couple of illegal usernames. The contents of one packet suggest an
attempt to buffer overflow the SSH server; ethereal's SSH decoding says
"overly large value".

It didn't seem to work against my system (I see no strange processes
running; all files changed in past ten days look normal).

I am cross-posting this message and the attached tcpdump packet capture
file to the following places to let better people than I analyze it:
        openssh-unix-dev_at_mindrot.org
        secureshell_at_securityfocus.com
        full-disclosure_at_lists.netsys.com
        vulnwatch_at_vulnwatch.org

-Jay Libove, CISSP

Received on Aug 01 2004