From owner-freebsd-security  Tue Jun 25 14:45:57 2002
Delivered-To: freebsd-security@freebsd.org
Received: from nu.binary.net (nu.binary.net [216.229.0.6])
	by hub.freebsd.org (Postfix) with ESMTP id 7DDC437B400
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 14:45:51 -0700 (PDT)
Received: from deskpuppy.ops.binary.net (xanadu-pub.binary.net [216.229.9.34])
	by nu.binary.net (Postfix) with ESMTP
	id 1542C9BC5C; Tue, 25 Jun 2002 16:45:51 -0500 (CDT)
Received: by deskpuppy.ops.binary.net (Postfix, from userid 1000)
	id 72069ECDD4; Tue, 25 Jun 2002 16:45:07 -0500 (CDT)
Date: Tue, 25 Jun 2002 16:45:07 -0500
From: Blaine Kahle <goatee@binary.net>
To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
Cc: security@FreeBSD.ORG
Subject: Re: Upcoming OpenSSH vulnerability
Message-ID: <20020625214507.GE2718@deskpuppy.ops.binary.net>
Mail-Followup-To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>,
	security@FreeBSD.ORG
References: <3D18C985.000067.31912@ns.interchange.ca> <20020625161019.A52785@matrix.binary.net> <010801c21c8e$f2860b80$30ec910c@fbccarthage.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <010801c21c8e$f2860b80$30ec910c@fbccarthage.com>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Jun 25, 2002 at 04:26:17PM -0500, Kevin Kinsey, DaleCo, S.P. wrote:
> ----- Original Message -----
> From: "Blaine Kahle" <goatee@binary.net>
> > And I think it's being scanned for:
> >
> > Jun 25 16:10:06 aspire sshd[26012]: scanned from 203.74.9.16 with
> > SSH-1.0-SSH_Version_Mapper.  Don't panic.
> > Jun 25 16:10:06 aspire sshd[26009]: Did not receive identification
> > string from 203.74.9.16
> 
> Doubt that it's this exploit in _particular_ that they're looking for.
> Perhaps it's that and anything else they can find out about you.  Like
> it says, "Don't panic."  This is very common and was happening long
> before this thread came up. If anything, I've been seeing it less in
> the last 3-4 days.  Hmm, maybe it's time to should recheck the IDS &
> checksums :-)

My apologies for the reflex. I'd never noticed this scan before, and the
coincidence was just too tasty. I concur that these scans have gone on a
long time, but my rate of being scanned has risen the past few days.

-- 
Blaine Kahle                                         blaine@binary.net
Systems Programmer                                    Binary Net, Inc.
UID 0, Zip, Zilch, Nada                                 www.binary.net
                                                            0x178AA0E0
Do not meddle in the affairs of sysadmins,
for they are quick to anger and have no need for subtlety.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message