SSH attacks ?
Jeff
jeff at virgin.net
Thu Sep 16 17:10:14 UTC 2004
On Thu, 16 Sep 2004 12:12:51 -0400, Jurvis LaSalle wrote:
>
> On Sep 16, 2004, at 9:51 AM, Jason Dixon wrote:
>
>
>> On Sep 16, 2004, at 9:48 AM, Reuben D. Budiardja wrote:
>>
>>
>>> Hello,
>>> Just wondering if anyone's been seeing a lot of SSH attempts to
>>> their machines lately. I've seen at least 30 - 60 unauthorized,
>>> brute force attempts to each of my servers daily, and they come
>>> from a different domain every day.
>>>
>>
>> If, by brute force, you mean the "Admin/root/guest" dumb
>> attempts, then yes, I have about one attempt daily. This has
>> been going on for at least the last month or so IIRC. As long as
>> you're patched and not using incredibly poor passwords, you'll be
>> fine. Search the NANOG archives if you need more detail.
>>
>
> I have also seen such an increase in "brute force" attacks over the
> last month. Different IP every day, but they are increasing the
> accounts they try.
> Can an attacker determine the version string of sshd running on a
> machine without a successful login? If so, could the fact that
> RHEL has backported patches and kept the string at "3.6.1p2" have
> given these crackers false hope that this is a vulnerable sshd? Just
> wondering...
>
> Jurvis LaSalle
Just ssh something verbosely, it does give the version string....
<SNIP>
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
</SNIP>
Just to follow on from this - does OpenSSH 3.6.1p2 have a serious vuln. that I don't know about? Anyone got a link?
Jeff
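
Added example (not part of the original message): the version string in the debug output above comes from the identification line an SSH server sends before any authentication, in the RFC 4253 format SSH-protoversion-softwareversion. This sketch parses that line and reports what it exposes; the function names and the sample banner (reconstructed from the debug lines above) are assumptions made for the example.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_IDENT = re.compile(r"^SSH-([^-\s]+)-(\S+)(?: (.*))?$")
_OPENSSH = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_ident(raw: bytes) -> dict:
    """Parse the pre-authentication identification string sent by an SSH server."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # a server may send other text lines before the ident line
        if len(line) + 2 > 255:  # the 255-byte limit includes CR LF
            raise ValueError("identification string exceeds 255 bytes")
        m = _IDENT.match(line.decode("ascii", "replace"))
        if not m:
            raise ValueError("malformed identification string")
        proto, software, comments = m.groups()
        return {
            "proto": proto,
            "software": software,
            "comments": comments,
            # "1.99" means protocol 2.0 with compatibility for legacy 1.x clients
            "accepts_ssh1": proto == "1.99" or proto.startswith("1."),
        }
    raise ValueError("no SSH identification line found")


def openssh_version(software: str):
    """Return (major, minor, patch, portable) for an OpenSSH software string, else None."""
    m = _OPENSSH.match(software)
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


if __name__ == "__main__":
    # Constructed sample: the banner implied by the debug output in the message.
    info = parse_ident(b"SSH-1.99-OpenSSH_3.6.1p2\r\n")
    print(info, openssh_version(info["software"]))
    # The banner carries only the upstream version; a vendor's backported
    # fixes do not change it, so compare against the installed package
    # release rather than this string when checking patch status.
```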