Re: what is this? (sshd messages in log)
On Thu, Jan 24, 2002 at 08:56:31PM -0800, Eric G. Miller wrote:
[Eric Miller]
| I dunno, but sounds like the crc32 exploit.
[Andrew Agno]
| I believe that those are scans for some sshd hole. Not too sure
| which one, but I assume yours doesn't have it if you got the log
| message.
Sounds like a reasonable explanation to me, and glad I'm not
vulnerable :-).
[john <johnpf@atnet.net.au>]
| Rerun the nmap as root - you'll get a lot more output. The netbios
| ports are blocked at a firewall/router; you are not seeing their
| state on the target.
I ran nmap as root. The only difference was I needed to add '-P0' to
get any results; otherwise the results were the same. (I didn't try
UDP yet.)
[Eric Miller]
| It might be worth contacting choiceone.net with a log snippet.
I think I'll do that, though I posted the entire relevant portion of
the log. I don't have any additional information.
| Do you know what's on port 5631?
According to nmap it's pcAnywhere (a Windows program from Symantec to
allow remote access).
I know nothing of the protocol, but thought I'd telnet to it anyway:
$ telnet 216.153.138.12 5631
Trying 216.153.138.12...
Connected to 216.153.138.12.
Escape character is '^]'.
}
Please press <Enter>...
Connection closed by foreign host.
$
(I did press Enter when requested.) It didn't take long for the output
to appear.
-D
--
He who spares the rod hates his son,
but he who loves him is careful to discipline him.
Proverbs 13:24