[Dshield] SSH Scans

Pieter-Bas IJdens pbijdens at emea.mi4.org.uk
Thu Nov 8 13:45:26 GMT 2001


The last couple of days I have seen an increasing amount of ssh version
scans on our servers.

When I check these, they all seem to originate from systems running
SSH-1.99-OpenSSH_2.1.1 [apparently some exploit in that version is abused].
Contacting the admins of these systems has confirmed these were compromized.

Am I the only one to notice this increase [i.e. is it incidental and pure
co-incidence] or is some kind of worm suddenly active (again)?


More information about the list mailing list