From owner-freebsd-security  Thu Mar  7 20: 1:41 2002
Delivered-To: freebsd-security@freebsd.org
Received: from web14803.mail.yahoo.com (web14803.mail.yahoo.com [216.136.224.219])
	by hub.freebsd.org (Postfix) with SMTP id D99D737B402
	for <freebsd-security@freebsd.org>; Thu,  7 Mar 2002 20:01:30 -0800 (PST)
Message-ID: <20020308040130.88177.qmail@web14803.mail.yahoo.com>
Received: from [68.60.199.48] by web14803.mail.yahoo.com via HTTP; Thu, 07 Mar 2002 20:01:30 PST
Date: Thu, 7 Mar 2002 20:01:30 -0800 (PST)
From: krzysztof Strzelczyk <cs052279@yahoo.com>
Subject: suspicious ssh logs
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello,

I am getting some suspicious logs in /var/log/messages
and also in my httpd logs.  Since the ssh exploit went
public today this worries me.

Here are the logs, can anyone clarify. 

messages:

Mar  7 17:58:10 server sshd[8783]: fatal: Local:
Corrupted check bytes on input.
Mar  7 17:58:21 server sshd[8786]: fatal: Local:
Corrupted check bytes on input.
Mar  7 17:58:36 server sshd[8791]: fatal: Local:
Corrupted check bytes on input.
Mar  7 17:58:51 server sshd[8798]: fatal: Local:
Corrupted check bytes on input.

httpd log: (It looks like maybe someone is trying to
run scripts that aren't really there?)

[Thu Mar  7 22:04:02 2002] [error] [client
195.252.149.234] File does not exist:
/usr/local/www/data/default.ida
[Thu Mar  7 22:18:41 2002] [error] [client
144.134.227.126] File does not exist:
/usr/local/www/data/gall/kellyashton/gall1.shtml
[Thu Mar  7 22:23:05 2002] [error] [client
67.201.235.198] File does not exist:
/usr/local/www/data/gall/nia/gall1.shtml
[Thu Mar  7 22:36:08 2002] [error] [client
68.60.16.31] File does not exist:
/usr/local/www/data/default.ida


Thanks
-Chris

__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message