[plug] Anyone seen this particular attack pattern before?
Craig Foster
fostware at iinet.net.au
Fri Jan 18 00:02:54 WST 2002
While we're at this, is everyone here sick of this appearing in their
logs:-
Jan 16 08:44:45 server sshd[1666]: Did not receive identification string
from 216.205.150.245.
Jan 16 10:47:46 server sshd[4043]: Did not receive identification string
from 216.205.150.245.
Jan 16 13:32:41 server sshd[6949]: Did not receive identification string
from 195.70.42.90.
Jan 16 13:32:43 server sshd[6948]: Did not receive identification string
from 195.70.42.90.
Jan 16 15:41:54 server sshd[9262]: Did not receive identification string
from 148.223.110.147.
Jan 17 08:24:04 server sshd[25758]: Did not receive identification string
from 61.77.137.6.
Jan 17 08:24:04 server sshd[25757]: Did not receive identification string
from 61.77.137.6.
Jan 17 11:36:45 server sshd[28869]: Did not receive identification string
from 210.156.196.40.
Anyone care to elaborate on what this is? AFAIK it's a SSH1 UseLogin
exploit, but I just want to be sure...
Regards,
Craig Foster
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2228 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20020118/d2276099/attachment.bin>
More information about the plug
mailing list