[K12OSN] SSH

John Lucas mrjohnlucas at gmail.com
Mon Feb 5 17:51:36 UTC 2007


Port scanning is the examination of remote systems for available services and 
is a usual preliminary used by "crackers" to exploit a vulnerable service for 
break-in. In this case it probably means that tcp port 22 on *many* remote 
systems was being probed to see if the service is accessible. Next step 
would be to determine the version of the service and what platform it is on 
to see if it can be exploited. As an example a simple "telnet somehost 22" 
might return: "SSH-1.99-OpenSSH_3.5p1". There could be automated tools that 
discover vulnerable systems and also automate the exploit (one does not have 
to be clever).

AFAIK there is no current exploit on recent SSH services, so one would have to 
be looking for really old versions.


On Monday 05 February 2007 13:00, Tim Hart wrote:
> "Support list for open source software in schools." <k12osn at redhat.com> on
>
> Monday, February 05, 2007 at 11:38 AM -0500 wrote:
> >What does 'outbound ssh scanning' mean?
>
> That is my question! Of course now I can't get through to them to turn my
> IP addresses back on. Great start to the week. :)
>
> This is happening on a brand new install of K12LTSP 6 and a 6 month old
> K12LTSP 5 install.
>
> Tim
>

Your ISP does *not* have to shut you down completely, they could block 
outgoing tcp/22 probes and leave the rest of the net up.

-- 
        "History doesn't repeat itself; at best it rhymes."
                        - Mark Twain

| John Lucas                          MrJohnLucas at gmail.com               |
| St. Thomas, VI 00802                http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W                        AST (UTC-4)                         |
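
One way to find which machine on a LAN is the source of the outbound tcp/22 probing described in the message above: count distinct destinations per source inside a sliding time window. This is an added example, not part of the original thread; the record format, addresses, window and threshold are assumptions.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed records: '<epoch> <src_ip> <dst_ip> <dst_port>' per outbound SYN."""
    lines = ["not a log line"]                      # malformed, must be skipped
    for i in range(40):                             # 40 hosts on tcp/22 in 40 s
        lines.append(f"{1000 + i} 192.168.0.254 203.0.113.{i + 1} 22")
    for i in range(5):                              # ordinary SSH use, 2 servers
        lines.append(f"{1000 + i * 10} 192.168.0.10 198.51.100.{1 + i % 2} 22")
    for i in range(40):                             # many hosts, but tcp/80
        lines.append(f"{1000 + i} 192.168.0.11 203.0.113.{i + 1} 80")
    return lines

def parse(lines):
    """Yield (ts, src, dst, dport) tuples, dropping records that do not parse."""
    for line in lines:
        f = line.split()
        if len(f) == 4 and f[0].isdigit() and f[3].isdigit():
            yield int(f[0]), f[1], f[2], int(f[3])

def find_ssh_scanners(lines, port=22, window=60, threshold=20):
    """Map each source to the most distinct destinations it contacted on `port`
    within any `window` seconds, keeping only sources at or above `threshold`."""
    recent = defaultdict(deque)      # src -> (ts, dst) pairs still in the window
    peak = {}
    for ts, src, dst, dport in sorted(parse(lines)):
        if dport != port:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q[0][0] <= ts - window:    # expire contacts older than the window
            q.popleft()
        peak[src] = max(peak.get(src, 0), len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for src, n in find_ssh_scanners(build_sample()).items():
        print(f"{src}: {n} distinct tcp/22 destinations within 60 s")
```

A host that only logs in to a couple of known servers stays far below the threshold, while a compromised machine probing many addresses stands out immediately.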
