[Full-Disclosure] SSH login attempts: tcpdump packet capture
Jay Libove
libove at felines.org
Sun Aug 1 19:03:39 BST 2004
I got a packet capture of one of the SSH2 sessions trying to log in as a
couple of illegal usernames. The contents of one packet suggests an
attempt to buffer overflow the SSH server; ethereal's SSH decoding says
"overly large value".
It didn't seem to work against my system (I see no strange processes
running; all files changed in past ten days look normal).
I am cross-posting this message and the attached tcpdump packet capture
file to the following places to let better people than I analyze it:
openssh-unix-dev at mindrot.org
secureshell at securityfocus.com
full-disclosure at lists.netsys.com
vulnwatch at vulnwatch.org
-Jay Libove, CISSP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh2.tcpdump
Type: application/octet-stream
Size: 8506 bytes
Desc: ssh2.tcpdump
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040801/9b2f5fea/attachment.obj
Full-Disclosure is hosted and sponsored by Secunia.