[CLUE-Tech] sshd question

David Anselmi anselmi at americanisp.net
Mon Aug 11 09:50:52 MDT 2003


David Guntner wrote:
> Kevin Cullis grabbed a keyboard and wrote:
> 
>> Found this in my /var/log/messages file, what is it?  It only
>> started in this month.
>> 
>> Aug  9 20:38:06 linux sshd[525]: Received signal 15; terminating.
>> Aug 10 14:40:05 linux sshd[526]: Server listening on :: port 22.
>> Aug 10 22:34:05 linux sshd[3926]: scanned from ::ffff:62.90.85.8 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
>> Aug 10 22:34:05 linux sshd[3925]: Did not receive identification string from ::ffff:62.90.85.8

Kevin, go look on Google.  This is well covered.  If your sshd is
serving the Internet, no big deal -- just another port scan.  If it
shouldn't be open to the Internet then you have something to fix.

> Panic.

That's the first thing I always do. ;-)

[...]
> Trust me, you *don't* want to support Protocol 1.  At all.

Strong words without a complete risk analysis.  Can you explain what an 
attacker would have to do to exploit the version 1 protocol, so Kevin 
can make an informed decision about using it?

Of course there isn't anything in Kevin's log to suggest that he is 
using version 1.

Dave
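
Added example, not part of the original message or of OpenSSH: a short Python pass over the log lines quoted above that picks out the two probe messages and groups them by source address, folding the IPv4-mapped form (::ffff:a.b.c.d) into plain IPv4. The function names and patterns are this example's own assumptions; the sample input is the quoted log, unwrapped to one entry per line.

```python
import ipaddress
import re
from collections import defaultdict

# Log lines from the quoted message above, unwrapped to one entry per line.
SAMPLE_LOG = """\
Aug  9 20:38:06 linux sshd[525]: Received signal 15; terminating.
Aug 10 14:40:05 linux sshd[526]: Server listening on :: port 22.
Aug 10 22:34:05 linux sshd[3926]: scanned from ::ffff:62.90.85.8 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
Aug 10 22:34:05 linux sshd[3925]: Did not receive identification string from ::ffff:62.90.85.8
"""

ENTRY = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: (?P<msg>.*)$")
# The two sshd messages in the thread that record a probe rather than a login.
PROBES = {
    "version_scan": re.compile(r"^scanned from (?P<src>\S+) with (?P<banner>\S+?)\.\s"),
    "no_banner": re.compile(r"^Did not receive identification string from (?P<src>\S+)"),
}


def normalize(addr):
    """Collapse IPv4-mapped IPv6 to plain IPv4 so both spellings group together."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return addr  # not an address literal; keep the raw token
    return str(getattr(ip, "ipv4_mapped", None) or ip)


def summarize_probes(log_text):
    """Return {source: {"kinds": set, "banners": set, "count": int}} for probe entries."""
    out = defaultdict(lambda: {"kinds": set(), "banners": set(), "count": 0})
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        for kind, pattern in PROBES.items():
            hit = pattern.match(entry["msg"])
            if hit:
                rec = out[normalize(hit["src"])]
                rec["kinds"].add(kind)
                rec["count"] += 1
                if "banner" in hit.groupdict():
                    rec["banners"].add(hit["banner"])
    return dict(out)


if __name__ == "__main__":
    print(summarize_probes(SAMPLE_LOG))
```

The banner recorded here is what the remote client sent; it says nothing about which protocol versions the local sshd accepts.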



