| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <B1E53B3EAC80094C8667A0B229F392560DD055@cheshire7.ad.felines.org> From: libove at felines.org (Jay Libove) Subject: SSH login attempts: tcpdump packet capture I got a packet capture of one of the SSH2 sessions trying to log in as a couple of illegal usernames. The contents of one packet suggests an attempt to buffer overflow the SSH server; ethereal's SSH decoding says "overly large value". It didn't seem to work against my system (I see no strange processes running; all files changed in past ten days look normal). I am cross-posting this message and the attached tcpdump packet capture file to the following places to let better people than I analyze it: openssh-unix-dev@...drot.org secureshell@...urityfocus.com full-disclosure@...ts.netsys.com vulnwatch@...nwatch.org -Jay Libove, CISSP -------------- next part -------------- A non-text attachment was scrubbed... Name: ssh2.tcpdump Type: application/octet-stream Size: 8506 bytes Desc: ssh2.tcpdump Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040801/9b2f5fea/ssh2.obj
Powered by blists - more mailing lists