OpenSSH is currently on version 2.9.9p2. Last week (or 2 weeks ago) there was a hole in OpenSSH regarding restricting IPs that were configured in OpenSSH.
It comes down to this: someone with an IP that is not allowed to connect to that server, which you can configure in OpenSSH (so not tcp_wrappers or firewall rules), can connect in some way (I will not go into detail here) to that server, which should block the connection. (Hope you can still keep track :o)

That's why they brought version 2.9.9p2 to the market...

Regards,
Brenno

> -----Original Message-----
> From: Carl E. Mankinen [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, 17 October 2001 5:03
> To: 'Dave Horsfall'; 'Firewalls List'
> Subject: RE: SSH scanning
>
> There was an exploit that was released for SSH Communications product
> some time ago. I know of at least a few companies that were compromised
> in this fashion. I haven't heard of any vulnerabilities in the latest
> OpenSSH release; if anyone is aware of any, it would be cool to hear
> about it.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Horsfall
> Sent: Tuesday, October 16, 2001 8:16 PM
> To: Firewalls List
> Subject: SSH scanning
>
> First time I've seen port 22 scanning... Even made it to the top of the
> list too, outnumbering portmapper scans.
>
> [213.121.253.106] resolves to "gatekeeper.eag.uk.com"
>
> Oct 16 13:14:15 denied tcp 213.121.253.106(22) -> XXX.1(22), 1 packet
> Oct 16 13:14:15 denied tcp 213.121.253.106(22) -> XXX.3(22), 1 packet
> Oct 16 13:14:15 denied tcp 213.121.253.106(22) -> XXX.5(22), 1 packet
> Oct 16 13:14:15 denied tcp 213.121.253.106(22) -> XXX.7(22), 1 packet
>
> Etc.
>
> [134.100.2.30] resolves to "POOL118RE-1ST.rrz.uni-hamburg.de"
>
> Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.13(22), 1 packet
> Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.8(22), 1 packet
> Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.15(22), 1 packet
> Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.14(22), 1 packet
> Oct 16 18:59:45 denied tcp 134.100.2.30(22) -> XXX.17(22), 1 packet
>
> Etc.
>
> Hits by target port:
>
> Hits  Port
> ----  ----
>
>  319  ssh(tcp.22)
>  310  sunrpc(tcp.111)
>   60  500
>
>
> --
> Dave Horsfall  ATM-S  VK2KFU  [EMAIL PROTECTED]  Ph: +61 2 9906 3377  Fx: 9906 3468
> (Unix Guru)  Pacific ESI, Unit 22, 8 Campbell St, Artarmon, NSW 2065, Australia
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
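
Added example, not part of the original thread: a small parser for the "denied tcp src(port) -> dst(port), N packet" lines quoted above that rebuilds a "Hits by target port" tally and flags sources that probe the same port on several hosts. The sample log is constructed (documentation-range source addresses, masked XXX.n destinations as in the post), and the function names and the `min_targets` threshold are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the log format quoted in the thread; destinations
# stay masked as XXX.n, source addresses are documentation-range placeholders.
SAMPLE_LOG = """\
Oct 16 13:14:15 denied tcp 198.51.100.10(22) -> XXX.1(22), 1 packet
Oct 16 13:14:15 denied tcp 198.51.100.10(22) -> XXX.3(22), 1 packet
Oct 16 13:14:15 denied tcp 198.51.100.10(22) -> XXX.5(22), 1 packet
Oct 16 18:59:45 denied tcp 203.0.113.20(22) -> XXX.13(22), 1 packet
Oct 16 18:59:45 denied tcp 203.0.113.20(22) -> XXX.8(22), 1 packet
Oct 16 19:02:10 denied tcp 192.0.2.77(1045) -> XXX.8(111), 1 packet
this line is not a deny record
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+denied\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\)\s+->\s+"
    r"(?P<dst>\S+?)\((?P<dport>\d+)\),\s+(?P<count>\d+)\s+packets?$"
)

def parse(log_text):
    """Yield one dict per deny record; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec.update(count=int(rec["count"]), dport=int(rec["dport"]))
            yield rec

def hits_by_port(records):
    """Denied packets per (protocol, destination port)."""
    hits = Counter()
    for r in records:
        hits[(r["proto"], r["dport"])] += r["count"]
    return hits

def sweeps(records, min_targets=3):
    """Sources that hit one port on at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for r in records:
        targets[(r["src"], r["proto"], r["dport"])].add(r["dst"])
    return {k: sorted(v) for k, v in targets.items() if len(v) >= min_targets}

if __name__ == "__main__":
    recs = list(parse(SAMPLE_LOG))
    print(hits_by_port(recs).most_common())
    print(sweeps(recs))
```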
