Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: OpenSSH attack attempt?
From: "ja6.com" <maillist () ja6 com>
Date: Mon, 22 Mar 2004 06:52:41 -0500

I found the same string in a google cache link,
of course it does look suspicious, and considering how many ssh related exploits there have been,
I do not know what exactly it is.

here is the link if you are interested:

the actual site url is a 404 right now

Honza Vlach wrote:


Has anybody seen anything like this in openssh logs?

2004-03-22 09:01:37.781326500 Failed keyboard-interactive for illegal
user xjunr
01 from ::ffff: port 61991 ssh2
2004-03-22 09:01:37.781379500 Disconnecting: Too many authentication
failures fo
r xjunr01
2004-03-22 09:02:05.879614500 Bad protocol version identification
377\373 \377\373\030\377\373'\377\375\001\377\373\003\377\375\003sdf'
from ::fff
2004-03-22 09:02:36.287775500 Bad protocol version identification
377\373 \377\373\030\377\373'\377\375\001\377\373\003\377\375\003' from

Is it some attack attempt? I've checked both full-disclosure archive and
google, unfortunately haven't found anything usable.

Thanks in advance,
Honza Vlach

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]