[Dshield] SSH Scans
Johannes B. Ullrich
jullrich at euclidian.com
Thu Nov 8 17:06:28 GMT 2001
> The last couple of days I have seen an increasing amount of ssh version
> scans on our servers.
> When I check these, they all seem to originate from systems running
> SSH-1.99-OpenSSH_2.1.1 [apparently some exploit in that version is abused].
> Contacting the admins of these systems has confirmed these were compromised.
> Am I the only one to notice this increase [i.e. is it incidental and pure
> co-incidence] or is some kind of worm suddenly active (again)?
It could be that somebody wrapped the crc exploit into a worm. Send me
some of the source IPs off list please.
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System