Incidents
SSH attacks? Jul 26 2004 10:59PM
Robin (robin kallisti net nz) (10 replies)
Re: SSH attacks? Jul 28 2004 06:42PM
Jyri Hovila (jyri hovila iki fi)
Hi!

I collect logs from a bunch of OpenBSD hosts. Below is what I found
(sorry about the messy format).

Most of the hosts doing the scans seem to be running sshd. I'm afraid
this could mean there is a new SSH exploit out in the wild. I think
admins would be wise to restrict SSH logins to known IP addresses (or
subnets) when possible.

- Jyri

------------------------------------------------------------------------

Total of 166 records

First record: Jul 17th 17.27 EET (GMT +2)

Addresses, geographical area, banners and usernames tested:

* = host appears more than once

Jul 17

212.65.244.xxx RIPE SSH-1.99-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3 admin, guest, user, test

Jul 20

61.60.51.xxx APNIC (no response) guest, test
66.250.111.xxx ARIN SSH-1.99-OpenSSH_3.1p1 admin, guest, user, test

Jul 21

195.113.17.xxx RIPE (no response) guest, test

Jul 23

63.166.192.xxx ARIN (no response) guest, test
211.119.136.xxx APNIC (no response) guest, test
216.20.112.xxx ARIN SSH-1.99-OpenSSH_2.3.0p1 guest, test

Jul 24

* 61.109.156.xxx APNIC SSH-1.99-OpenSSH_3.5p1 guest, test
64.8.171.xxx ARIN (no response) admin, guest, user, test

Jul 25

* 61.109.156.xxx APNIC SSH-1.99-OpenSSH_3.5p1 guest, test
80.53.236.xxx RIPE (connection refused) guest, test
* 81.8.206.xxx RIPE SSH-1.99-OpenSSH_3.6.1p2 guest, test
210.101.234.xxx APNIC (no response) guest, test

Jul 26

* 61.109.156.xxx APNIC SSH-1.99-OpenSSH_3.5p1 guest, test
67.68.231.xxx ARIN SSH-1.99-OpenSSH_3.5p1 guest, test
* 81.8.206.xxx RIPE SSH-1.99-OpenSSH_3.6.1p2 guest, test
202.134.73.xxx APNIC SSH-1.99-OpenSSH_3.1p1 guest, test

Jul 27

* 81.8.206.xxx RIPE SSH-1.99-OpenSSH_3.6.1p2 guest, test
194.204.17.xxx RIPE SSH-1.99-OpenSSH_3.5p1 guest, test
208.30.184.xxx ARIN (connection refused) guest, test
210.0.186.xxx APNIC SSH-2.0-OpenSSH_3.5p1 guest, test
210.83.203.xxx APNIC SSH-1.99-OpenSSH_2.5.2p2 guest, test

Jul 28

64.69.77.xxx ARIN (connection refused) guest, test
69.0.134.xxx ARIN SSH-1.99-OpenSSH_2.9p2 admin, user, guest, test
209.176.248.xxx ARIN SSH-1.99-OpenSSH_2.3.0p1 guest, test
211.184.226.xxx APNIC (connection refused) guest, test
------------------------------------------------------------------------


[ reply ]
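Added example, not part of the original post: one way to build a per-day, per-source list of tested usernames like the one above from collected sshd syslog lines, marking sources seen on more than one day. The log lines are constructed, and their wording ("Illegal user" in OpenSSH 3.x, "Invalid user" in later releases) is an assumption about what the collected logs contain.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH 3.x syslog style; addresses are
# RFC 5737 documentation ranges, not hosts from the post.
SAMPLE_LOG = """\
Jul 24 03:11:02 fw1 sshd[2211]: Illegal user guest from 192.0.2.10
Jul 24 03:11:04 fw1 sshd[2211]: Failed password for illegal user guest from 192.0.2.10 port 4101 ssh2
Jul 24 03:11:06 fw1 sshd[2213]: Illegal user test from 192.0.2.10
Jul 24 09:40:51 fw2 sshd[911]: Failed password for illegal user admin from 198.51.100.7 port 3307 ssh2
Jul 24 09:40:53 fw2 sshd[913]: Failed password for invalid user guest from 198.51.100.7 port 3309 ssh2
Jul 24 10:02:10 fw2 sshd[950]: Accepted publickey for alice from 203.0.113.5 port 5022 ssh2
Jul 25 03:15:40 fw3 sshd[1400]: Illegal user guest from 192.0.2.10
"""

# Matches failed-login lines for both wordings ("Illegal"/"Invalid" user).
LINE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:(?:illegal|invalid) user )?|(?:Illegal|Invalid) user )"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)")

def summarize(log_text):
    """Return {day: {source: [usernames tried, first-seen order]}}."""
    report = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            day = " ".join(m["day"].split())  # "Jul  4" -> "Jul 4"
            users = report[day].setdefault(m["src"], [])
            if m["user"] not in users:
                users.append(m["user"])
    return report

def repeat_sources(report):
    """Sources seen on more than one day (the '*' marker in the post)."""
    days = defaultdict(set)
    for day, sources in report.items():
        for src in sources:
            days[src].add(day)
    return {src for src, seen in days.items() if len(seen) > 1}

def render(report):
    repeats, out = repeat_sources(report), []
    for day, sources in report.items():
        out.append(day)
        for src, users in sources.items():
            mark = "* " if src in repeats else "  "
            out.append(f"{mark}{src.rsplit('.', 1)[0]}.xxx {', '.join(users)}")
    return "\n".join(out)
```

Calling `render(summarize(text))` on the concatenated logs from all hosts gives the listing; the successful login in the sample is ignored because only failed attempts match.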
Copyright 2009, SecurityFocus