Delivered-To: freebsd-security@freebsd.org
From: "Kevin Kinsey, DaleCo, S.P."
To: "Blaine Kahle"
Subject: Re: Upcoming OpenSSH vulnerability
Date: Tue, 25 Jun 2002 16:26:17 -0500

----- Original Message -----
From: "Blaine Kahle"
To:
Sent: Tuesday, June 25, 2002 4:10 PM
Subject: Re: Upcoming OpenSSH vulnerability

> On Tue, Jun 25, 2002 at 03:50:29PM -0400, Michael Richards wrote:
> > >> Michael, Doug, any word on the status of this? Have the OpenSSH
> > >> developers been notified of this?
> > >
> > > Reading the rest of that mail, I get the impression it was some
> > > sort of dumb joke/rhetorical statement, he didn't really have an
> > > exploit...
> >
> > Yes, I thought it was sarcastic enough that everyone would take it as
> > that. As a result of something I saw this AM I believe it would be a
> > great idea to upgrade immediately. There is an exploit out in the
> > wild and it's been demonstrated to me. I've been spending all day
> > frantically upgrading all of our machines.
> > Will probably be up long
> > into the night ensuring everything is up and working.
>
> And I think it's being scanned for:
>
> Jun 25 16:10:06 aspire sshd[26012]: scanned from 203.74.9.16 with SSH-1.0-SSH_Version_Mapper. Don't panic.
> Jun 25 16:10:06 aspire sshd[26009]: Did not receive identification string from 203.74.9.16
>

Doubt that it's this exploit in _particular_ that they're looking for.
Perhaps it's that and anything else they can find out about you.
Like it says, "Don't panic." This is very common and was happening
long before this thread came up. If anything, I've been seeing it
less in the last 3-4 days.

Hmm, maybe it's time to recheck the IDS & checksums :-)

Kevin Kinsey
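
Whether probes like the two sshd lines quoted above are becoming more or less frequent can be read straight from the auth log. The following is an added example, not part of the original message: it tallies those two message types per day and per source; the sample lines, the documentation-range addresses and the name `summarize_probes` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the syslog format of the two lines quoted above;
# the addresses are RFC 5737 documentation ranges, not real scanners.
SAMPLE_LOG = """\
Jun 21 02:11:40 aspire sshd[901]: Did not receive identification string from 192.0.2.10
Jun 21 02:11:40 aspire sshd[904]: scanned from 192.0.2.10 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
Jun 21 09:30:02 aspire sshd[977]: Did not receive identification string from 198.51.100.7
Jun 21 17:45:13 aspire sshd[1050]: Accepted password for alice from 203.0.113.5 port 1022
Jun 25 16:10:06 aspire sshd[26012]: scanned from 192.0.2.10 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Jun 25 16:10:06 aspire sshd[26009]: Did not receive identification string from 192.0.2.10
"""

SYSLOG = re.compile(r"^(\w{3}\s+\d{1,2}) [\d:]{8} \S+ sshd\[\d+\]: (.*)$")
SCANNED = re.compile(r"^scanned from (\S+) with (.+?)\.\s+Don't panic\.$")
NO_IDENT = re.compile(r"^Did not receive identification string from (\S+)$")


def summarize_probes(log_text):
    """Return (probe lines per day, banners per source, sources seen on >1 day)."""
    per_day = Counter()            # "Jun 25" -> number of probe lines
    banners = defaultdict(set)     # source IP -> scanner banners it announced
    days_seen = defaultdict(set)   # source IP -> days on which it probed
    for line in log_text.splitlines():
        entry = SYSLOG.match(line)
        if not entry:
            continue
        day = " ".join(entry.group(1).split())  # normalise "Jun  5" to "Jun 5"
        probe = SCANNED.match(entry.group(2)) or NO_IDENT.match(entry.group(2))
        if not probe:
            continue  # ordinary sshd traffic, not a probe
        ip = probe.group(1)
        banners[ip].update(probe.groups()[1:])  # banner exists only on "scanned from" lines
        per_day[day] += 1
        days_seen[ip].add(day)
    repeat = sorted(ip for ip, days in days_seen.items() if len(days) > 1)
    return dict(per_day), {ip: sorted(b) for ip, b in banners.items()}, repeat


if __name__ == "__main__":
    per_day, banners, repeat = summarize_probes(SAMPLE_LOG)
    for day, count in per_day.items():
        print(f"{day}: {count} probe line(s)")
    print("banners by source:", banners)
    print("sources probing on more than one day:", repeat)
```

Syslog timestamps carry no year, so the per-day tally is only meaningful within a single log rotation.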