On 10/16/07 11:06 AM, "Tim" <secnews@xxxxxxxxx> wrote: > I've recently noticed this in my logs: > > Oct 15 15:30:04 mysrv sshd[9563]: Bad protocol version > identification 'POST /unauthenticated//..%01/..%01/..%01/..%01/..%01/..%01/.. > %01/..%01/..%01/..%01/..%01/..%01/..%01' from 59.106.20.158 > > Oct 1 17:14:51 mysrv sshd[9915]: Bad protocol version > identification '\377\364\377\375\006\377\364\377\375\006\377\364\377\375\006' > from 84.58.87.123 > Oct 1 17:15:13 airrocket sshd[11982]: Bad protocol version identification '' > from 84.58.87.123 > > Did anyone else notice similar things? Does anyone know what vulnerability > they are attacking? > > Thanks, Nothing in my logs..just out of curiosity, are you running sshd with protocol version 1, 2, or both? James
