Re: SSH attacks - anyone else seen these?

看板Bugtraq作者Mark.時間18年前 (2007/10/17 04:43)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串3/7 (看更多)

See the DenyHosts script for the response - this has been going on for years. There's no specific vulnerability, it's more a strength in numbers / worm like attack. The automated attack guesses right often enough to propagate and presumably build a *nix based botnet. ta, Mark Sent from my iPhone On Oct 16, 2007, at 6:06 PM, Tim <secnews@sp1r1t.de> wrote: > I've recently noticed this in my logs: > > Oct 15 15:30:04 mysrv sshd[9563]: Bad protocol version > identification 'POST /unauthenticated//..%01/..%01/..%01/..%01/..% > 01/..%01/.. > %01/..%01/..%01/..%01/..%01/..%01/..%01' from 59.106.20.158 > > Oct 1 17:14:51 mysrv sshd[9915]: Bad protocol version > identification '\377\364\377\375\006\377\364\377\375\006\377\364\377 > \375\006' > from 84.58.87.123 > Oct 1 17:15:13 airrocket sshd[11982]: Bad protocol version > identification '' > from 84.58.87.123 > > Did anyone else notice similar things? Does anyone know what > vulnerability > they are attacking? > > Thanks, > > -- > Tim >

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 Mark. 的文章

文章代碼(AID): #175IA900 (Bugtraq)