Date:      Thu, 30 May 2002 12:34:42 +0200
From:      Oli <oli@blacktrap.net>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   sshd crashing? attack?
Message-ID:  <20020530123442.A32303@dentaal.blacktrap.net>

Hello,
I'm a little worried, here's what I found in the log of one of
my servers today:

# zgrep sshd /var/log/all.log.0.gz 
May 29 13:44:01 naboo sshd[28549]: fatal: Timeout before authentication for 210.179.254.1.
May 29 13:51:05 naboo sshd[189]: Generating new 768 bit RSA key.
May 29 13:51:08 naboo sshd[189]: RSA key generation complete.
May 29 21:44:59 naboo sshd[29601]: Did not receive ident string from 61.36.23.138.
May 29 21:50:59 naboo sshd[189]: Generating new 768 bit RSA key.
May 29 21:51:00 naboo sshd[189]: RSA key generation complete.
May 29 23:35:24 naboo sshd[29838]: Disconnecting: Your ssh version is too old and is no longer supported.  Please install a newer version.
May 29 23:36:06 naboo /kernel: pid 29839 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:08 naboo /kernel: pid 29840 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:10 naboo /kernel: pid 29841 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:12 naboo /kernel: pid 29842 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:15 naboo sshd[29843]: Disconnecting: Corrupted check bytes on input.
May 29 23:36:17 naboo /kernel: pid 29844 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:19 naboo /kernel: pid 29845 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:21 naboo sshd[29846]: Disconnecting: Corrupted check bytes on input.
May 29 23:36:23 naboo /kernel: pid 29847 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:25 naboo sshd[29848]: Disconnecting: Corrupted check bytes on input.
May 29 23:36:28 naboo sshd[29849]: Disconnecting: Corrupted check bytes on input.
May 29 23:36:30 naboo /kernel: pid 29850 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:32 naboo /kernel: pid 29851 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:34 naboo /kernel: pid 29852 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:36 naboo /kernel: pid 29853 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:38 naboo /kernel: pid 29854 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:38 naboo sshd[189]: rate limit (5/10) on xxx.xxx.xxx.xxx port 22 exceeded by 0.0.0.0
May 29 23:37:24 naboo sshd[29837]: fatal: Timeout before authentication for 212.17.230.193.
May 29 23:37:53 naboo /kernel: pid 29855 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:37:57 naboo /kernel: pid 29856 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:38:02 naboo sshd[29857]: Disconnecting: Corrupted check bytes on input.
May 29 23:38:06 naboo sshd[29858]: Disconnecting: Corrupted check bytes on input.
May 29 23:38:10 naboo /kernel: pid 29859 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:38:15 naboo sshd[29860]: Disconnecting: Corrupted check bytes on input.
May 29 23:38:20 naboo sshd[29861]: Disconnecting: Corrupted check bytes on input.
May 29 23:38:25 naboo sshd[29862]: Disconnecting: Corrupted check bytes on input.
May 29 23:38:30 naboo sshd[29863]: Disconnecting: Corrupted check bytes on input.
May 29 23:38:34 naboo sshd[29864]: Disconnecting: Corrupted check bytes on input.
May 29 23:38:38 naboo /kernel: pid 29865 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:38:42 naboo /kernel: pid 29866 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:38:45 naboo /kernel: pid 29867 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:38:49 naboo /kernel: pid 29868 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:38:54 naboo sshd[29869]: Disconnecting: Corrupted check bytes on input.
May 29 23:38:58 naboo sshd[29870]: Disconnecting: Corrupted check bytes on input.
May 29 23:39:03 naboo sshd[29871]: Disconnecting: Corrupted check bytes on input.
May 29 23:39:07 naboo /kernel: pid 29872 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:39:11 naboo /kernel: pid 29873 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:39:15 naboo /kernel: pid 29874 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:39:18 naboo /kernel: pid 29875 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:50:57 naboo sshd[189]: Generating new 768 bit RSA key.
May 29 23:51:00 naboo sshd[189]: RSA key generation complete.

(xxx.xxx.xxx.xxx is the server's own IP)

It seems sshd has been segfaulting a lot which I don't think is normal for a program, 
and especially one running as root. This has never happened before and sshd has been
doing fine since then. Is this possibly an attack or something? This server is running
FreeBSD 4.2-RELEASE, with the original sshd I think. All I know about the sshd version
is that telnetting to port 22 yields "SSH-1.99-OpenSSH_2.2.0".
Any ideas would be a great help :-)
Thanks!

--
Oli
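
Added example, not part of the original message: a small Python log check that groups the two event types seen in the log above (kernel reports of sshd exiting on signal 11, and sshd's "Corrupted check bytes on input" disconnects) into time-bounded bursts. The sample lines are a subset copied from the message; the year, the 120-second gap and the three-crash threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Subset of the log lines quoted in the message above.
SAMPLE = """\
May 29 23:35:24 naboo sshd[29838]: Disconnecting: Your ssh version is too old and is no longer supported.  Please install a newer version.
May 29 23:36:06 naboo /kernel: pid 29839 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:08 naboo /kernel: pid 29840 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:36:15 naboo sshd[29843]: Disconnecting: Corrupted check bytes on input.
May 29 23:36:17 naboo /kernel: pid 29844 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:37:53 naboo /kernel: pid 29855 (sshd), uid 0: exited on signal 11 (core dumped)
May 29 23:38:02 naboo sshd[29857]: Disconnecting: Corrupted check bytes on input.
May 29 23:50:57 naboo sshd[189]: Generating new 768 bit RSA key.
"""

STAMP = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) ")
# Kernel report of an sshd child killed by signal 11 (SIGSEGV).
CRASH = re.compile(r"/kernel: pid (\d+) \(sshd\), uid \d+: exited on signal 11\b")
# sshd's own rejection of a packet that failed its integrity check.
CORRUPT = re.compile(r"sshd\[(\d+)\]: Disconnecting: Corrupted check bytes on input")


def find_bursts(text, year=2002, max_gap=timedelta(seconds=120), min_crashes=3):
    """Group sshd crash / corrupted-packet events into bursts.

    Syslog timestamps carry no year, so `year` is an assumption supplied by
    the caller. A burst ends when more than `max_gap` passes with no event.
    """
    bursts, cur = [], None
    for line in text.splitlines():
        stamp = STAMP.match(line)
        kind = "crashes" if CRASH.search(line) else "corrupt" if CORRUPT.search(line) else None
        if not stamp or kind is None:
            continue
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        if cur is None or when - cur["end"] > max_gap:
            cur = {"start": when, "end": when, "crashes": 0, "corrupt": 0}
            bursts.append(cur)
        cur["end"] = when
        cur[kind] += 1
    # Isolated crashes are noise; report only sustained runs.
    return [b for b in bursts if b["crashes"] >= min_crashes]


if __name__ == "__main__":
    for b in find_bursts(SAMPLE):
        print(f'{b["start"]} -> {b["end"]}: {b["crashes"]} sshd segfaults, '
              f'{b["corrupt"]} corrupted-packet disconnects')
```

A burst of root-owned sshd children dying on signal 11, interleaved with integrity-check failures, is worth alerting on regardless of cause; the core files and the sshd version are the next things to examine.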
