[Dshield] SSH Scans

Coxe, John B. JOHN.B.COXE at saic.com
Thu Nov 8 17:12:40 GMT 2001

I have noticed an increase on some of my servers on the PACBELL net.  But I
am not aware of any particular new vulnerability or exploit.  If they are
just scans, maybe someone wants to profile the net for future exploits
potential.  (My tcp wrappers don't allow them to connect, so they'll know I
am running SSH but will have limited possibilities in using that since
daemon access is cutoff.)

-----Original Message-----
From: Pieter-Bas IJdens [mailto:pbijdens at emea.mi4.org.uk]
Sent: Thursday, November 08, 2001 5:45 AM
To: dshield at dshield.org
Subject: [Dshield] SSH Scans


The last couple of days I have seen an increasing amount of ssh version
scans on our servers.

When I check these, they all seem to originate from systems running
SSH-1.99-OpenSSH_2.1.1 [apparently some exploit in that version is abused].
Contacting the admins of these systems has confirmed these were compromized.

Am I the only one to notice this increase [i.e. is it incidental and pure
co-incidence] or is some kind of worm suddenly active (again)?


Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list