| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <405ED389.3060607@ja6.com> From: maillist at ja6.com (ja6.com) Subject: OpenSSH attack attempt? I found the same string in a google cache link, of course it does look suspicious, and considering how many ssh related exploits there have been, I do not know what exactly it is. here is the link if you are interested: http://216.239.41.104/search?q=cache:FERt5O1-qbQJ:www.rpi.edu/locker/44/001244/auth.log+%22%5C377%5C373%5C030%5C377%5C373%27%5C377%5C375%5C%22&hl=en&ie=UTF-8 the actual site url is a 404 right now Honza Vlach wrote: >Hi, > >Has anybody seen anything like this in openssh logs? > >2004-03-22 09:01:37.781326500 Failed keyboard-interactive for illegal >user xjunr >01 from ::ffff:212.65.252.97 port 61991 ssh2 >2004-03-22 09:01:37.781379500 Disconnecting: Too many authentication >failures fo >r xjunr01 >2004-03-22 09:02:05.879614500 Bad protocol version identification >'\377\373\037\ >377\373 \377\373\030\377\373'\377\375\001\377\373\003\377\375\003sdf' >from ::fff >f:212.65.252.97 >2004-03-22 09:02:36.287775500 Bad protocol version identification >'\377\373\037\ >377\373 \377\373\030\377\373'\377\375\001\377\373\003\377\375\003' from >::ffff:2 >12.65.252.97 > >Is it some attack attempt? I've checked both full-disclosure archive and >google, unfortunately haven't found anything usable. > >Thanks in advance, >Honza Vlach > > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Powered by blists - more mailing lists