[Dshield] SSH Scans
pbijdens at emea.mi4.org.uk
Thu Nov 8 13:45:26 GMT 2001
The last couple of days I have seen an increasing amount of ssh version
scans on our servers.
When I check these, they all seem to originate from systems running
SSH-1.99-OpenSSH_2.1.1 [apparently some exploit in that version is abused].
Contacting the admins of these systems has confirmed these were compromized.
Am I the only one to notice this increase [i.e. is it incidental and pure
co-incidence] or is some kind of worm suddenly active (again)?
More information about the list