From: Tim <secnews@sp1r1t.de.>
To: [email protected]
Subject: SSH attacks - anyone else seen these?
Date: Tue, 16 Oct 2007 19:06:19 +0200

I've recently noticed this in my logs:

Oct 15 15:30:04 mysrv sshd[9563]: Bad protocol version identification 'POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01' from 59.106.20.158
Oct  1 17:14:51 mysrv sshd[9915]: Bad protocol version identification '\377\364\377\375\006\377\364\377\375\006\377\364\377\375\006' from 84.58.87.123
Oct  1 17:15:13 airrocket sshd[11982]: Bad protocol version identification '' from 84.58.87.123

Did anyone else notice similar things? Does anyone know what vulnerability they are attacking?

Thanks,
-- 
Tim
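
A triage script for log lines like the ones quoted in the message above, added here as an example and not part of the original post. It uses the three log lines from the message as sample input; the function names and category labels are assumptions made for this illustration.

```python
import re
from collections import Counter

# The three log lines quoted in the message (sshd prints non-printable bytes as \ooo octal).
SAMPLE_LOG = r"""
Oct 15 15:30:04 mysrv sshd[9563]: Bad protocol version identification 'POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01' from 59.106.20.158
Oct  1 17:14:51 mysrv sshd[9915]: Bad protocol version identification '\377\364\377\375\006\377\364\377\375\006\377\364\377\375\006' from 84.58.87.123
Oct  1 17:15:13 airrocket sshd[11982]: Bad protocol version identification '' from 84.58.87.123
"""

LINE_RE = re.compile(r"sshd\[\d+\]: Bad protocol version identification '(?P<ident>.*)' from (?P<src>\S+)")
HTTP_RE = re.compile(r"^(GET|POST|HEAD|PUT|OPTIONS|CONNECT) \S")
OCTAL_RE = re.compile(r"\\([0-3][0-7]{2})")


def unescape(ident):
    """Turn sshd's \\ooo octal escapes back into raw bytes."""
    text = OCTAL_RE.sub(lambda m: chr(int(m.group(1), 8)), ident)
    return text.encode("latin-1", "replace")


def classify(ident):
    """Label what kind of client sent this string to the SSH port."""
    raw = unescape(ident)
    if not raw:
        return "empty"    # the identification string was empty
    if raw[0] == 0xFF:
        return "telnet"   # 0xFF is Telnet IAC; \377\364 = IAC IP, \377\375\006 = IAC DO TIMING-MARK
    if HTTP_RE.match(ident):
        # "../" segments with a %XX byte spliced in point to a directory traversal attempt
        return "http-traversal" if re.search(r"\.\.(%[0-9A-Fa-f]{2})?/", ident) else "http"
    return "other"


def triage(log_text):
    """Return {source_ip: Counter(kind -> hits)} for every matching log line."""
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            result.setdefault(m["src"], Counter())[classify(m["ident"])] += 1
    return result


if __name__ == "__main__":
    for src, kinds in triage(SAMPLE_LOG).items():
        print(src, dict(kinds))
```

On the sample it reports one HTTP request with a traversal-style path from 59.106.20.158, and one Telnet control sequence plus one empty identification string from 84.58.87.123.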