On Thu, 16 Sep 2004 12:12:51 -0400, Jurvis LaSalle wrote:
> On Sep 16, 2004, at 9:51 AM, Jason Dixon wrote:
>
>> On Sep 16, 2004, at 9:48 AM, Reuben D. Budiardja wrote:
>>
>>> Hello,
>>> Just wondering if anyone's been seeing a lot of SSH attempts to
>>> their machines lately. I've seen at least 30 - 60 unauthorized,
>>> brute force attempts to each of my servers daily, and they come
>>> from a different domain every day.
>>
>> If, by brute force, you mean the "Admin/root/guest" dumb
>> attempts, then yes, I have about one attempt daily. This has
>> been going on for at least the last month or so IIRC. As long as
>> you're patched and not using incredibly poor passwords, you'll be
>> fine. Search the NANOG archives if you need more detail.
>
> I have also seen such an increase in "brute force" attacks over the
> last month. Different IP every day, but they are increasing the
> accounts they try.
> Can an attacker determine the version string of sshd running on a
> machine without a successful login? If so, could the fact that
> RHEL has backported patches and kept the string at "3.6.1p2" have
> given these crackers false hope that this is a vulnerable sshd? Just
> wondering...
>
> Jurvis LaSalle

Just ssh something verbosely, it does give the version string....

<SNIP>
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
</SNIP>

Just to follow on from this - does OpenSSH 3.6.1p2 have a serious vuln. that I don't know about? Anyone got a link?

Jeff
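
The version string in the debug output above comes from the identification line every SSH server sends before any login. The following parser for that line is an added example, not part of the original thread; the function name and the sample bytes are constructed for illustration, with the sample built from the values in the debug output.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(rb"^SSH-([^\s-]+)-(\S+)(?: (.*))?$")

def parse_server_ident(stream: bytes) -> dict:
    """Parse the identification line a server sends before authentication.

    `stream` holds the first bytes read from the server. Other text lines
    may precede the identification; only a line starting with "SSH-" counts.
    """
    for raw in stream.split(b"\n"):
        line = raw.rstrip(b"\r")  # protocol 1 ends the line with LF only
        if not line.startswith(b"SSH-"):
            continue  # pre-banner text, skipped
        if len(line) > 253:  # 255 bytes maximum including CR LF
            raise ValueError("identification line too long")
        m = IDENT_RE.match(line)
        if m is None:
            raise ValueError("malformed identification line")
        proto, software, comments = m.groups()
        return {
            "protoversion": proto.decode("ascii"),
            "software": software.decode("ascii"),
            "comments": comments.decode("ascii", "replace") if comments else None,
            # 1.99 means: speaks 2.0 and still accepts 1.x clients
            "accepts_ssh1": proto.startswith(b"1."),
            "accepts_ssh2": proto in (b"1.99", b"2.0"),
        }
    raise ValueError("no SSH identification line found")

# Constructed sample matching "Remote protocol version 1.99,
# remote software version OpenSSH_3.6.1p2" from the debug output.
SAMPLE = b"SSH-1.99-OpenSSH_3.6.1p2\n"

if __name__ == "__main__":
    info = parse_server_ident(SAMPLE)
    for key, value in info.items():
        print(f"{key}: {value}")
    # The string carries only the upstream version number, so it cannot
    # show whether a distribution has backported fixes into the package.
```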