From owner-freebsd-security@FreeBSD.ORG Tue Sep 16 11:41:56 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17C5316A4B3; Tue, 16 Sep 2003 11:41:56 -0700 (PDT) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 03FE743FA3; Tue, 16 Sep 2003 11:41:55 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA08824; Tue, 16 Sep 2003 12:41:46 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20030916123558.02cfdef0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 16 Sep 2003 12:41:14 -0600 To: "Jacques A. Vidrine" , freebsd-security@freebsd.org From: Brett Glass In-Reply-To: <20030916134347.GA30359@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: Re: OpenSSH heads-up X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2003 18:41:56 -0000 At 07:43 AM 9/16/2003, Jacques A. Vidrine wrote: >OK, an official OpenSSH advisory was released, see here: > Interesting. During the past 48 hours, we've been probed several times by hosts that connected to each of our servers on Port 22 and then disconnected without authenticating. (They were probably just looking for the greeting.) For example: Sep 14 11:18:54 www sshd[16658]: fatal: Timeout before authentication for 62.107.50.87. The source of the probes appears to be in Denmark. Could it be that some party or parties knew about this before the announcement and is probing for hosts to exploit? --Brett Glass