Date: Tue, 25 Jun 2002 16:45:07 -0500 From: Blaine Kahle <goatee@binary.net> To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz> Cc: security@FreeBSD.ORG Subject: Re: Upcoming OpenSSH vulnerability Message-ID: <20020625214507.GE2718@deskpuppy.ops.binary.net> In-Reply-To: <010801c21c8e$f2860b80$30ec910c@fbccarthage.com> References: <3D18C985.000067.31912@ns.interchange.ca> <20020625161019.A52785@matrix.binary.net> <010801c21c8e$f2860b80$30ec910c@fbccarthage.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 25, 2002 at 04:26:17PM -0500, Kevin Kinsey, DaleCo, S.P. wrote:
> ----- Original Message -----
> From: "Blaine Kahle" <goatee@binary.net>
> > And I think it's being scanned for:
> >
> > Jun 25 16:10:06 aspire sshd[26012]: scanned from 203.74.9.16 with
> > SSH-1.0-SSH_Version_Mapper. Don't panic.
> > Jun 25 16:10:06 aspire sshd[26009]: Did not receive identification
> > string from 203.74.9.16
>
> Doubt that it's this exploit in _particular_ that they're looking for.
> Perhaps it's that and anything else they can find out about you. Like
> it says, "Don't panic." This is very common and was happening long
> before this thread came up. If anything, I've been seeing it less in
> the last 3-4 days. Hmm, maybe it's time to should recheck the IDS &
> checksums :-)
My apologies for the reflex. I'd never noticed this scan before, and the
coincidence was just too tasty. I concur that these scans have gone on a
long time, but my rate of being scanned has risen the past few days.
--
Blaine Kahle blaine@binary.net
Systems Programmer Binary Net, Inc.
UID 0, Zip, Zilch, Nada www.binary.net
0x178AA0E0
Do not meddle in the affairs of sysadmins,
for they are quick to anger and have no need for subtlety.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020625214507.GE2718>