[Gllug] nmap
E. R. Vaughan
e.vaughan at btinternet.com
Tue Jan 29 22:54:21 UTC 2002
Jan 29 14:32:41 karl sshd[2853]: scanned from 195.103.116.200 with
SSH-1.0-SSH_Version_Mapp
er. Don't panic.
Jan 29 14:32:41 karl sshd[2852]: Did not receive identification string from
195.103.116.200
They are looking for the "CRC-32 compensation attack detector vulnerability"
. I got burned by this at the start of the year, very very nasty. Also, not
to distract blame from myself for not keeping up with things, but the
OpenSSH site does not make it clear enough IMHO that this bug affects 1.0
daemons - I think it should be splashed across their home page FWIW,
Emil
----- Original Message -----
From: "Tom Gilbert" <tom at linuxbrit.co.uk>
To: <gllug at linux.co.uk>
Sent: Tuesday, January 29, 2002 10:42 PM
Subject: Re: [Gllug] nmap
* Nix (nix at esperi.demon.co.uk) wrote:
> except that both of these have had more security holes reported than
> tcp-wrappers; I've had 216.140.210.34, root at 217.158.66.79 (twice) in the
> last day alone.
Had? As in what? People successfully logging in?
And the worst httpd bug I've heard of recently (in years) is the
directory traversal bug.
Tom.
--
.^. .-------------------------------------------------------.
/V\ | Tom Gilbert, London, England | http://linuxbrit.co.uk |
/( )\ | Open Source/UNIX consultant | tom at linuxbrit.co.uk |
^^-^^ `-------------------------------------------------------'
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list