Date: Tue, 25 Jun 2002 16:26:17 -0500 From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz> To: "Blaine Kahle" <goatee@binary.net>, <security@FreeBSD.ORG> Subject: Re: Upcoming OpenSSH vulnerability Message-ID: <010801c21c8e$f2860b80$30ec910c@fbccarthage.com> References: <3D18C985.000067.31912@ns.interchange.ca> <20020625161019.A52785@matrix.binary.net>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----- From: "Blaine Kahle" <goatee@binary.net> To: <security@FreeBSD.ORG> Sent: Tuesday, June 25, 2002 4:10 PM Subject: Re: Upcoming OpenSSH vulnerability > On Tue, Jun 25, 2002 at 03:50:29PM -0400, Michael Richards wrote: > > >> Michael, Doug, any word on the status of this? Have the OpenSSH > > >> developers been notified of this? > > > > > > Reading the rest of that mail, I get the impression it was some > > > sort of dumb joke/rhetorical statement, he didn't really have an > > > exploit... > > > > Yes, I thought it was sarcastic enough that everyone would take it as > > that. As a result of something I saw this AM I believe it would be a > > great idea to upgrade immediately. There is an exploit out in the > > wild and it's been demonstrated to me. I've been spending all day > > frantically upgrading all of our machines. Will probably be up long > > into the night ensuring everything is up and working. > > And I think it's being scanned for: > > Jun 25 16:10:06 aspire sshd[26012]: scanned from 203.74.9.16 with SSH-1.0-SSH_Version_Mapper. Don't panic. > Jun 25 16:10:06 aspire sshd[26009]: Did not receive identification string from 203.74.9.16 > Doubt that it's this exploit in _particular_ that they're looking for. Perhaps it's that and anything else they can find out about you. Like it says, "Don't panic." This is very common and was happening long before this thread came up. If anything, I've been seeing it less in the last 3-4 days. Hmm, maybe it's time to should recheck the IDS & checksums :-) Kevin Kinsey To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010801c21c8e$f2860b80$30ec910c>