[plug] Anyone seen this particular attack pattern before?
Nathan Alberti
macro at nathan.linux-dude.net
Fri Jan 18 00:09:42 WST 2002
Yes correct...
You have updated your SSH package ?
Nathan.
----- Original Message -----
From: "Craig Foster" <fostware at iinet.net.au>
To: <plug at plug.linux.org.au>
Sent: Friday, January 18, 2002 12:02 AM
Subject: RE: [plug] Anyone seen this particular attack pattern before?
> While we're at this, is everyone here sick of this appearing in their
> logs:-
>
> Jan 16 08:44:45 server sshd[1666]: Did not receive identification string
> from 216.205.150.245.
> Jan 16 10:47:46 server sshd[4043]: Did not receive identification string
> from 216.205.150.245.
> Jan 16 13:32:41 server sshd[6949]: Did not receive identification string
> from 195.70.42.90.
> Jan 16 13:32:43 server sshd[6948]: Did not receive identification string
> from 195.70.42.90.
> Jan 16 15:41:54 server sshd[9262]: Did not receive identification string
> from 148.223.110.147.
> Jan 17 08:24:04 server sshd[25758]: Did not receive identification string
> from 61.77.137.6.
> Jan 17 08:24:04 server sshd[25757]: Did not receive identification string
> from 61.77.137.6.
> Jan 17 11:36:45 server sshd[28869]: Did not receive identification string
> from 210.156.196.40.
>
> Anyone care to elaborate on what this is? AFAIK it's a SSH1 UseLogin
> exploit, but I just want to be sure...
>
>
> Regards,
>
> Craig Foster
>
More information about the plug
mailing list