Re: SSH attacks ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 16 Sep 2004 12:12:51 -0400, Jurvis LaSalle wrote:
>
> On Sep 16, 2004, at 9:51 AM, Jason Dixon wrote:
>
>
>> On Sep 16, 2004, at 9:48 AM, Reuben D. Budiardja wrote:
>>
>>
>>> Hello,
>>> Just wondering if anyone's been seeing a lot of SSH attempts to
>>> their machines
>>> lately. I've seen at least 30 - 60 unautorizhed, brute force
>>> attempts to each
>>> of my server daily, and they come from different domain
>>> everyday.
>>>
>>
>> If, by brute force, you mean the "Admin/root/guest" dumb
>> attempts, then yes, I have about one attempt daily.  This has
>> been going on for at least the last month or so IIRC.  As long as
>> you're patched and not using incredibly poor passwords, you'll be
>> fine.  Search the NANOG archives if you need more detail.
>>
>
> I have also seen such an increase in "brute force" attacks over the
> last month.  Different ip everyday- but they are increasing the
> accounts they try.
> Can an attacker determine the version string of sshd running on a
> machine without a successful login?  If so, could the fact that
> RHEL has backported patches and kept the string at "3.6.1p2" given
> these crackers false hope that this is a vulnerable sshd?  Just
> wondering...
>
> Jurvis LaSalle

just ssh something verbosely, it does give the version string....


<SNIP>

debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2

</SNIP>


Just to follow on from this - does OpenSSH 3.6.1p2 have a serious vuln. that I dont know about? Anyone got a link?

Jeff


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux