[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] OpenSSH attack attempt?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] OpenSSH attack attempt?
From: Honza Vlach <janus@xxxxxxxx>
Date: Mon, 22 Mar 2004 10:40:12 +0100

Hi,

Has anybody seen anything like this in openssh logs?

2004-03-22 09:01:37.781326500 Failed keyboard-interactive for illegal
user xjunr
01 from ::ffff:212.65.252.97 port 61991 ssh2
2004-03-22 09:01:37.781379500 Disconnecting: Too many authentication
failures fo
r xjunr01
2004-03-22 09:02:05.879614500 Bad protocol version identification
'\377\373\037\
377\373 \377\373\030\377\373'\377\375\001\377\373\003\377\375\003sdf'
from ::fff
f:212.65.252.97
2004-03-22 09:02:36.287775500 Bad protocol version identification
'\377\373\037\
377\373 \377\373\030\377\373'\377\375\001\377\373\003\377\375\003' from
::ffff:2
12.65.252.97

Is it some attack attempt? I've checked both full-disclosure archive and
google, unfortunately haven't found anything usable.

Thanks in advance,
Honza Vlach

Attachment: pgp00090.pgp
Description: PGP signature

Follow-Ups:
- Re: [Full-Disclosure] OpenSSH attack attempt?
  - From: ja6.com
- [Full-Disclosure] Re: OpenSSH attack attempt?
  - From: Raven Alder

Prev by Date: Re: [Full-Disclosure] NEVER open attachments
Next by Date: [Full-Disclosure] OpenSSL - dynamically linked binaries?
Previous by thread: [Full-Disclosure] RealSecure
Next by thread: Re: [Full-Disclosure] OpenSSH attack attempt?
Index(es):
- Date
- Thread