lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 16 Oct 2007 13:34:18 -0600
From: James Lay <jlay@...ve-tothe-box.net>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: SSH attacks - anyone else seen these?




On 10/16/07 11:06 AM, "Tim" <secnews@...r1t.de> wrote:

> I've recently noticed this in my logs:
> 
> Oct 15 15:30:04 mysrv sshd[9563]: Bad protocol version
> identification 'POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/..
> %01/..%01/..%01/..%01/..%01/..%01/..%01' from 59.106.20.158
> 
> Oct  1 17:14:51 mysrv sshd[9915]: Bad protocol version
> identification '\377\364\377\375\006\377\364\377\375\006\377\364\377\375\006'
> from 84.58.87.123
> Oct  1 17:15:13 airrocket sshd[11982]: Bad protocol version identification ''
> from 84.58.87.123
> 
> Did anyone else notice similar things? Does anyone know what vulnerability
> they are attacking?
> 
> Thanks,


Nothing in my logs..just out of curiosity, are you running sshd with
protocol version 1, 2, or both?

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ