[FoRK] new sshd hole (fwd)

Justin Mason jm at jmason.org
Wed Aug 4 13:29:55 PDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Eugen Leitl writes:
> On Wed, Aug 04, 2004 at 09:54:09AM -0700, jm at jmason.org wrote:
> 
> > FYI -- it looks like a new sshd exploit is out and about -- there's
> > been another report in addition to this one.   No sign yet on 
> > bugtraq, /., etc., but keep an eye on any UNIX servers ;)
> 
> I doubt it's a hole, looks like default password bruteforcing:
> (I've been seeing those for more than a week).

yep -- there's a thread on fulldisclosure about it, which pretty
much agrees it's just bruteforcing.  phew ;)

- --j.

> Jul 18 05:57:30 denver065 sshd[19217]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:57:34 denver065 sshd[19218]: Failed password for root from
> ::ffff:217.58.140.2 port 3371 ssh2
> Jul 18 05:57:34 denver065 sshd[19218]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:57:37 denver065 sshd[19219]: Failed password for root from
> ::ffff:217.58.140.2 port 3463 ssh2
> Jul 18 05:57:37 denver065 sshd[19219]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:57:41 denver065 sshd[19220]: Failed password for root from
> ::ffff:217.58.140.2 port 3526 ssh2
> Jul 18 05:57:41 denver065 sshd[19220]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:57:47 denver065 sshd[19221]: Failed password for root from
> ::ffff:217.58.140.2 port 3648 ssh2
> Jul 18 05:57:47 denver065 sshd[19221]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:57:53 denver065 sshd[19222]: Failed password for root from
> ::ffff:217.58.140.2 port 3792 ssh2
> Jul 18 05:57:53 denver065 sshd[19222]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:57:57 denver065 sshd[19223]: Failed password for root from
> ::ffff:217.58.140.2 port 3910 ssh2
> Jul 18 05:57:57 denver065 sshd[19223]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:02 denver065 sshd[19224]: Failed password for root from
> ::ffff:217.58.140.2 port 4015 ssh2
> Jul 18 05:58:02 denver065 sshd[19224]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:06 denver065 sshd[19225]: Failed password for root from
> ::ffff:217.58.140.2 port 4170 ssh2
> Jul 18 05:58:07 denver065 sshd[19225]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:11 denver065 sshd[19226]: Failed password for root from
> ::ffff:217.58.140.2 port 4241 ssh2
> Jul 18 05:58:11 denver065 sshd[19226]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:16 denver065 sshd[19227]: Failed password for root from
> ::ffff:217.58.140.2 port 4356 ssh2
> Jul 18 05:58:16 denver065 sshd[19227]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:20 denver065 sshd[19228]: Failed password for root from
> ::ffff:217.58.140.2 port 4482 ssh2
> Jul 18 05:58:21 denver065 sshd[19228]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:26 denver065 sshd[19229]: Failed password for root from
> ::ffff:217.58.140.2 port 4619 ssh2
> Jul 18 05:58:26 denver065 sshd[19229]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:29 denver065 sshd[19230]: Failed password for root from
> ::ffff:217.58.140.2 port 4714 ssh2
> Jul 18 05:58:29 denver065 sshd[19230]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:35 denver065 sshd[19231]: Failed password for root from
> ::ffff:217.58.140.2 port 4783 ssh2
> Jul 18 05:58:35 denver065 sshd[19231]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:37 denver065 sshd[19232]: Failed password for root from
> ::ffff:217.58.140.2 port 4911 ssh2
> Jul 18 05:58:37 denver065 sshd[19232]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:43 denver065 sshd[19233]: Failed password for root from
> ::ffff:217.58.140.2 port 1036 ssh2
> Jul 18 05:58:44 denver065 sshd[19233]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:47 denver065 sshd[19234]: Failed password for root from
> ::ffff:217.58.140.2 port 1164 ssh2
> Jul 18 05:58:47 denver065 sshd[19234]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:51 denver065 sshd[19235]: Failed password for root from
> ::ffff:217.58.140.2 port 1234 ssh2
> Jul 18 05:58:51 denver065 sshd[19235]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:54 denver065 sshd[19236]: Failed password for root from
> ::ffff:217.58.140.2 port 1327 ssh2
> Jul 18 05:58:54 denver065 sshd[19236]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
> Jul 18 05:58:58 denver065 sshd[19237]: Failed password for root from
> ::ffff:217.58.140.2 port 1423 ssh2
> Jul 18 05:58:58 denver065 sshd[19237]: Received disconnect from
> ::ffff:217.58.140.2: 11: Bye Bye
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBEUdDQTcbUG5Y7woRAqFeAJ0e/elV4G6/1ZyXN2Rzbcs73onwiwCgtMPt
MXxdhbeyk1mJ02L7bu9f1a0=
=F5K/
-----END PGP SIGNATURE-----
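
Added example (not part of the original message): a small Python check that separates the password bruteforcing discussed above from ordinary failed logins, by counting "Failed password" lines per source inside a sliding time window. The sample lines are constructed in the same sshd syslog format as the quoted log, with documentation addresses; the function names, the threshold of 5 failures per minute, the year default and the assumption of one unwrapped log entry per line are all choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the quoted log's format (documentation addresses).
SAMPLE = """\
Jul 18 05:57:30 host1 sshd[101]: Failed password for root from ::ffff:192.0.2.10 port 3371 ssh2
Jul 18 05:57:34 host1 sshd[102]: Failed password for root from ::ffff:192.0.2.10 port 3463 ssh2
Jul 18 05:57:37 host1 sshd[103]: Failed password for illegal user test from ::ffff:192.0.2.10 port 3526 ssh2
Jul 18 05:57:41 host1 sshd[104]: Failed password for root from ::ffff:192.0.2.10 port 3648 ssh2
Jul 18 05:57:47 host1 sshd[105]: Failed password for admin from ::ffff:192.0.2.10 port 3792 ssh2
Jul 18 06:10:00 host1 sshd[200]: Failed password for alice from 198.51.100.7 port 50000 ssh2
Jul 18 09:30:00 host1 sshd[201]: Failed password for alice from 198.51.100.7 port 50010 ssh2
Jul 18 09:30:20 host1 sshd[202]: Accepted password for alice from 198.51.100.7 port 50020 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse_failures(text, year=2004):
    """Yield (timestamp, source, user) for each failed-password line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied for parsing
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip.lower().startswith("::ffff:"):   # IPv4-mapped IPv6 form
            ip = ip[7:]
        yield ts, ip, m["user"]

def brute_force_sources(text, threshold=5, window=timedelta(minutes=1)):
    """Map each source with >= threshold failures in any window to users tried."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged
```

On the sample, the source that fails five times in 17 seconds is flagged, while the user who mistypes twice hours apart and then logs in is not.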


