From: Richard Ward (mhhomenetweb.com)
Date: Thu Mar 07 2002 - 22:46:55 CST


    That message would most likely indicate a scan in progress. If you've
    already patched OpenSSH, you shouldn't have to worry. It might be worth
    looking through your traffic logs and finding out which IP address that came
    from. I've been receiving a lot of connections from machines scanning for
    the vulnerability.

    And Mr. Lai is correct. There are surprisingly quite a few exploited Windows
    machines that are still scanning from the Nimda/Code Red worm. If you find
    yourself with nothing better to do, start up MRTG and make fun graphs of all
    the attempts the worms make to find Microsoft IIS.

    --
    Richard Ward, GM
    Home Net Web, Inc.
    http://homenetweb.com
    

    ----- Original Message -----
    From: krzysztof Strzelczyk <cs052279yahoo.com>
    To: <freebsd-securityFreeBSD.ORG>
    Sent: Thursday, March 07, 2002 11:01 PM
    Subject: suspicious ssh logs

    > Hello,
    >
    > I am getting some suspicious logs in /var/log/messages
    > and also in my httpd logs. Since the ssh exploit went
    > public today this worries me.
    >
    > Here are the logs, can anyone clarify.
    >
    > messages:
    >
    > Mar 7 17:58:10 server sshd[8783]: fatal: Local:
    > Corrupted check bytes on input.
    > Mar 7 17:58:21 server sshd[8786]: fatal: Local:
    > Corrupted check bytes on input.
    > Mar 7 17:58:36 server sshd[8791]: fatal: Local:
    > Corrupted check bytes on input.
    > Mar 7 17:58:51 server sshd[8798]: fatal: Local:
    > Corrupted check bytes on input.
    >
    > httpd log: (It looks like maybe someone is trying to
    > run scripts that aren't really there?)
    >
    > [Thu Mar 7 22:04:02 2002] [error] [client
    > 195.252.149.234] File does not exist:
    > /usr/local/www/data/default.ida
    > [Thu Mar 7 22:18:41 2002] [error] [client
    > 144.134.227.126] File does not exist:
    > /usr/local/www/data/gall/kellyashton/gall1.shtml
    > [Thu Mar 7 22:23:05 2002] [error] [client
    > 67.201.235.198] File does not exist:
    > /usr/local/www/data/gall/nia/gall1.shtml
    > [Thu Mar 7 22:36:08 2002] [error] [client
    > 68.60.16.31] File does not exist:
    > /usr/local/www/data/default.ida
    >
    >
    > Thanks
    > -Chris
    >
    > __________________________________________________
    > Do You Yahoo!?
    > Try FREE Yahoo! Mail - the world's greatest free email!
    > http://mail.yahoo.com/
    >
    > To Unsubscribe: send mail to majordomoFreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message
