Security Incidents mailing list archives
Re: incidents Digest 22 Feb 2004 13:01:58 -0000 Issue 515
From: Adrian.S.Howchin () transport qld gov au
Date: Mon, 23 Feb 2004 13:40:05 +1000
incidents-digest-help () securityfocus com on 22/02/2004 11:01:58 PM
To: incidents () securityfocus com
Subject: incidents Digest 22 Feb 2004 13:01:58 -0000 Issue 515

My only thought is the plain obvious stuff, e.g. did the user (you attempted to log in as) have permission to their home directory?

I recently found a similar thing happening to me, although granted this was with VSFTPD, not openssh...

HTH,
Adrian

<Standard "This man's opinion does not represent our company's opinion...unless you like what he says, then we told him to say it!" disclaimer>

Date: Sun, 22 Feb 2004 09:45:27 -0800 (PST)
From: Benjamin Franz <snowhare () nihongo org>
To: incidents () securityfocus com
Subject: OpenSSH anomaly
Message-ID: <Pine.LNX.4.44.0402220936480.16429-100000 () high-mountain nihongo org>

I'm running a RedHat Enterprise 3 ES server that has been running fairly reliably for a month. This morning we could not remotely log in to the server via SSH because openssh would terminate the connection immediately (no delay) after apparently successfully logging in - without giving a prompt.

We are current on patches up to Feb 1 with the exception of the kernel which is RHES 2.4.21-4.0.1.ELsmp.

A console reboot succeeded in restoring connectivity. We couldn't find any footprints in any log or any suspicious file activity. No record of the failed logins (we attempted using both pubkey and password) was in the logs.

The openssh version is RedHat's 3.6.1p2-18.

Has anyone else seen something similar?

--
Benjamin Franz

On that of which one cannot speak, one must remain silent. ---Wittgenstein
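The home-directory check suggested in the reply above, as an added shell example that is not part of the original messages. The helper names `check_home` and `check_user_home` are hypothetical, and the script assumes GNU `stat` and `getent`, as found on Red Hat systems.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names are hypothetical.
# Assumes GNU stat (-c) and getent.

# check_home DIR UID: print one finding per line, return 0 if none.
check_home() {
    dir=$1; want_uid=$2; rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 1
    fi
    owner=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")      # octal digits, e.g. 755
    bits=$(( 0$mode ))             # leading 0 makes the shell read it as octal
    if [ "$owner" != "$want_uid" ]; then
        echo "OWNER: $dir is owned by uid $owner, expected $want_uid"
        rc=1
    fi
    # Without the owner's search (x) bit the user cannot enter the directory.
    if [ $(( bits & 0100 )) -eq 0 ]; then
        echo "NOACCESS: mode $mode denies the owner entry to $dir"
        rc=1
    fi
    # sshd's StrictModes setting also checks home directory modes and ownership.
    if [ $(( bits & 022 )) -ne 0 ]; then
        echo "WRITABLE: mode $mode lets group or others write to $dir"
        rc=1
    fi
    return $rc
}

# check_user_home USER: look up the account, then check its home directory.
# Usage: check_user_home alice   (account name is a placeholder)
check_user_home() {
    entry=$(getent passwd "$1") || { echo "NOUSER: $1 not in passwd"; return 1; }
    uid=$(echo "$entry" | cut -d: -f3)
    home=$(echo "$entry" | cut -d: -f6)
    check_home "$home" "$uid"
}
```

Run it on the server's console for the account that was being dropped; any line of output names the condition to fix.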