Re: sshd: invalid public DH value

These messages only started appearing in the latest botnet ssh weak
user/password fishing expedition.  I don't think the messages are from
a legitimate client.

Yes, they could be due to corrupted packets from one of the bots on a
weak connection, but I would like to hear if anybody can think of
other possibilities.



On Mon, Dec 14, 2009 at 16:00, Aleksandr Yampolskiy
<ayampolskiy@xxxxxxxx> wrote:
> Perhaps Diffie-Hellman key exchange algorithm fails due to packets being
> corrupted?
>
> ----- Original Message -----
> From: listbounce@xxxxxxxxxxxxxxxxx <listbounce@xxxxxxxxxxxxxxxxx>
> To: secureshell@xxxxxxxxxxxxxxxxx <secureshell@xxxxxxxxxxxxxxxxx>
> Sent: Mon Dec 14 14:16:31 2009
> Subject: sshd: invalid public DH value
>
> Has anybody seen these in their logs?
>
>   Dec DD HH:MM:SS web sshd[1979]: invalid public DH value: <= 1
>   Dec DD HH:MM:SS web sshd[1979]: Disconnecting: bad client public DH value
>
> Any idea what they mean?  We get lots of ssh probes, most of which can
> be ignored, but I've never seen this sshd message before.
> Could somebody be probing for a buffer overflow?
>
> We're running, "OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009", on Linux,
> kernel 2.6.24-26.
>

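The quoted log line reports a client DH public value that was `<= 1`. The following is an added sketch (not part of the thread and not OpenSSH's code) showing why a server refuses such values: with them, the shared secret no longer depends on the server's private exponent. The toy prime, the function names and the upper-bound check are assumptions made for illustration.

```python
# Added illustration; not OpenSSH source code.
# P is a constructed toy safe prime (2 * 1439 + 1); real SSH groups are 1024+ bits.
P = 2879


def check_client_public(e: int, p: int = P) -> str:
    """Return 'ok', or the reason a client DH public value e is refused."""
    if e <= 1:
        # 0 and 1 (and negatives) force the shared secret to a fixed value.
        return "<= 1"
    if e >= p - 1:
        # p-1 has order 2, so the secret could only be 1 or p-1.
        return ">= p-1"
    return "ok"


def possible_secrets(e: int, p: int = P) -> set:
    """All values K = e^y mod p over every server private exponent y in [1, p-2]."""
    return {pow(e, y, p) for y in range(1, p - 1)}


if __name__ == "__main__":
    for label, e in (("0", 0), ("1", 1), ("p-1", P - 1), ("2", 2)):
        verdict = check_client_public(e)
        count = len(possible_secrets(e))
        print(f"e = {label:>3}: check -> {verdict:7} distinct shared secrets: {count}")
```

A value of 0 or 1 leaves exactly one possible shared secret and p-1 leaves two, while an in-range value such as 2 yields well over a thousand even in this toy group.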
