[FoRK] new sshd hole (fwd)

Eugen Leitl eugen at leitl.org
Wed Aug 4 12:56:05 PDT 2004


On Wed, Aug 04, 2004 at 09:54:09AM -0700, jm at jmason.org wrote:

> FYI -- it looks like a new sshd exploit is out and about -- there's
> been another report in addition to this one.   No sign yet on 
> bugtraq, /., etc., but keep an eye on any UNIX servers ;)

I doubt it's a hole; it looks like default password brute-forcing
(I've been seeing those for more than a week):

Jul 18 05:57:30 denver065 sshd[19217]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:57:34 denver065 sshd[19218]: Failed password for root from
::ffff:217.58.140.2 port 3371 ssh2
Jul 18 05:57:34 denver065 sshd[19218]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:57:37 denver065 sshd[19219]: Failed password for root from
::ffff:217.58.140.2 port 3463 ssh2
Jul 18 05:57:37 denver065 sshd[19219]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:57:41 denver065 sshd[19220]: Failed password for root from
::ffff:217.58.140.2 port 3526 ssh2
Jul 18 05:57:41 denver065 sshd[19220]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:57:47 denver065 sshd[19221]: Failed password for root from
::ffff:217.58.140.2 port 3648 ssh2
Jul 18 05:57:47 denver065 sshd[19221]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:57:53 denver065 sshd[19222]: Failed password for root from
::ffff:217.58.140.2 port 3792 ssh2
Jul 18 05:57:53 denver065 sshd[19222]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:57:57 denver065 sshd[19223]: Failed password for root from
::ffff:217.58.140.2 port 3910 ssh2
Jul 18 05:57:57 denver065 sshd[19223]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:02 denver065 sshd[19224]: Failed password for root from
::ffff:217.58.140.2 port 4015 ssh2
Jul 18 05:58:02 denver065 sshd[19224]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:06 denver065 sshd[19225]: Failed password for root from
::ffff:217.58.140.2 port 4170 ssh2
Jul 18 05:58:07 denver065 sshd[19225]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:11 denver065 sshd[19226]: Failed password for root from
::ffff:217.58.140.2 port 4241 ssh2
Jul 18 05:58:11 denver065 sshd[19226]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:16 denver065 sshd[19227]: Failed password for root from
::ffff:217.58.140.2 port 4356 ssh2
Jul 18 05:58:16 denver065 sshd[19227]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:20 denver065 sshd[19228]: Failed password for root from
::ffff:217.58.140.2 port 4482 ssh2
Jul 18 05:58:21 denver065 sshd[19228]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:26 denver065 sshd[19229]: Failed password for root from
::ffff:217.58.140.2 port 4619 ssh2
Jul 18 05:58:26 denver065 sshd[19229]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:29 denver065 sshd[19230]: Failed password for root from
::ffff:217.58.140.2 port 4714 ssh2
Jul 18 05:58:29 denver065 sshd[19230]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:35 denver065 sshd[19231]: Failed password for root from
::ffff:217.58.140.2 port 4783 ssh2
Jul 18 05:58:35 denver065 sshd[19231]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:37 denver065 sshd[19232]: Failed password for root from
::ffff:217.58.140.2 port 4911 ssh2
Jul 18 05:58:37 denver065 sshd[19232]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:43 denver065 sshd[19233]: Failed password for root from
::ffff:217.58.140.2 port 1036 ssh2
Jul 18 05:58:44 denver065 sshd[19233]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:47 denver065 sshd[19234]: Failed password for root from
::ffff:217.58.140.2 port 1164 ssh2
Jul 18 05:58:47 denver065 sshd[19234]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:51 denver065 sshd[19235]: Failed password for root from
::ffff:217.58.140.2 port 1234 ssh2
Jul 18 05:58:51 denver065 sshd[19235]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:54 denver065 sshd[19236]: Failed password for root from
::ffff:217.58.140.2 port 1327 ssh2
Jul 18 05:58:54 denver065 sshd[19236]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye
Jul 18 05:58:58 denver065 sshd[19237]: Failed password for root from
::ffff:217.58.140.2 port 1423 ssh2
Jul 18 05:58:58 denver065 sshd[19237]: Received disconnect from
::ffff:217.58.140.2: 11: Bye Bye

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net
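
Added example, not part of the original message: one way to tell this kind of password guessing apart from ordinary failed logins is to count "Failed password" entries per source address inside a sliding time window. The threshold, window length, function names and sample log lines are assumptions constructed for illustration; entries are assumed to be one per line (unwrapped) and in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd syslog entries of the form shown in the message above, plus the
# "invalid user"/"illegal user" variants that sshd logs for unknown accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

def parse_failures(lines, year=2004):
    """Yield (timestamp, source, user); syslog omits the year, so it is passed in."""
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # disconnects, successful logins, other daemons
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        if src.startswith("::ffff:"):  # IPv4-mapped IPv6 form, as in the logs above
            src = src[len("::ffff:"):]
        yield ts, src, m["user"]

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2004):
    """Return {source: peak failures in any window} for sources reaching threshold."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, src, _user in parse_failures(lines, year):
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}

# Constructed sample input (documentation addresses, hypothetical host name).
SAMPLE_LOG = """\
Jul 18 05:57:34 host1 sshd[101]: Failed password for root from ::ffff:203.0.113.5 port 3371 ssh2
Jul 18 05:57:34 host1 sshd[101]: Received disconnect from ::ffff:203.0.113.5: 11: Bye Bye
Jul 18 05:57:37 host1 sshd[102]: Failed password for root from ::ffff:203.0.113.5 port 3463 ssh2
Jul 18 05:57:41 host1 sshd[103]: Failed password for invalid user admin from ::ffff:203.0.113.5 port 3526 ssh2
Jul 18 05:57:47 host1 sshd[104]: Failed password for root from ::ffff:203.0.113.5 port 3648 ssh2
Jul 18 05:57:53 host1 sshd[105]: Failed password for root from ::ffff:203.0.113.5 port 3792 ssh2
Jul 18 05:58:10 host1 sshd[106]: Failed password for alice from 198.51.100.7 port 50212 ssh2
Jul 18 06:20:02 host1 sshd[107]: Failed password for alice from 198.51.100.7 port 50290 ssh2
"""

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG.splitlines()))
```

The source that retries every few seconds is reported; the one with two failures more than twenty minutes apart is not.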