There was an exploit that was released for SSH Communications product some time ago. I know of at least a few companies that were compromised in this fashion. I haven't heard of any vulnerabilities in the latest OpenSSH release, if anyone is aware of any would be cool to hear about it.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Horsfall Sent: Tuesday, October 16, 2001 8:16 PM To: Firewalls List Subject: SSH scanning First time I've seen port 22 scanning... Even made it to the top of the list too, outnumbering portmapper scans. [213.121.253.106] resolves to "gatekeeper.eag.uk.com" Oct 16 13:14:15 denied tcp 213.121.253.106(22) -> XXX.1(22), 1 packet Oct 16 13:14:15 denied tcp 213.121.253.106(22) -> XXX.3(22), 1 packet Oct 16 13:14:15 denied tcp 213.121.253.106(22) -> XXX.5(22), 1 packet Oct 16 13:14:15 denied tcp 213.121.253.106(22) -> XXX.7(22), 1 packet Etc. [134.100.2.30] resolves to "POOL118RE-1ST.rrz.uni-hamburg.de" Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.13(22), 1 packet Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.8(22), 1 packet Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.15(22), 1 packet Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.14(22), 1 packet Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.17(22), 1 packet Etc. Hits by target port: Hits Port ---- ---- 319 ssh(tcp.22) 310 sunrpc(tcp.111) 60 500 -- Dave Horsfall ATM-S VK2KFU [EMAIL PROTECTED] Ph: +61 2 9906 3377 Fx: 9906 3468 (Unix Guru) Pacific ESI, Unit 22, 8 Campbell St, Artarmon, NSW 2065, Australia _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
