freebsd@bitfreak.org
2006-Oct-15 11:42 UTC
sshd "bad protocol version identification" messages
I'm seeing lines like the following in my security logs:

    Oct 14 06:56:32 srv sshd[41370]: Bad protocol version identification '\200b\001\003\001' from 24.203.221.239

From what I've read, this is a buffer overflow attack on the sshd whereby the attacker triggers the overflow before the identification string is sent, then attempts commands to see if elevated privileges were obtained. The log message is produced by sshd trying to interpret the commands as the identification string.

Is this related to SA-06:22 or SA-06:23, or is this another bug?
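A triage helper for the log line in the post above, added here as an example and not part of the original message: it decodes the escaped identification string back into bytes and compares them with a few well-known protocol headers, which goes beyond the single line quoted. The `\ooo` octal escape format is assumed from that line; the second and third sample lines and all function names are constructed for illustration.

```python
import re

# Shape of the sshd message quoted in the post above.
LOG_RE = re.compile(
    r"sshd\[\d+\]: Bad protocol version identification "
    r"'(?P<ident>.*)' from (?P<src>\S+)")
# Assumption: non-printable bytes are logged as \ooo octal, backslash as \\.
ESC_RE = re.compile(r"\\([0-3][0-7]{2})|\\(\\)")
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"OPTIONS", b"CONNECT"}

def unescape_ident(text):
    """Turn the escaped identification string back into raw bytes."""
    out, pos = bytearray(), 0
    for m in ESC_RE.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        out.append(int(m.group(1), 8) if m.group(1) else 0x5C)
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)

def classify(raw):
    """Label the first bytes a client sent instead of an 'SSH-' banner."""
    # SSLv2-format ClientHello: length with high bit set, type 0x01, version 3.x
    if len(raw) >= 5 and raw[0] & 0x80 and raw[2] == 0x01 and raw[3] == 0x03:
        return "SSLv2-format ClientHello, version 3.%d" % raw[4]
    # TLS record layer: content type 0x16 (handshake), major version 3
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return "TLS handshake record"
    if raw.split(b" ", 1)[0] in HTTP_METHODS:
        return "HTTP request"
    return "unrecognised"

def triage(line):
    """Return source, hex bytes and label for one log line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    raw = unescape_ident(m.group("ident"))
    return {"src": m.group("src"), "hex": raw.hex(" "), "kind": classify(raw)}

SAMPLE_LOG = [
    # Line from the post.
    r"Oct 14 06:56:32 srv sshd[41370]: Bad protocol version identification '\200b\001\003\001' from 24.203.221.239",
    # Constructed lines (documentation addresses).
    r"Oct 14 07:01:10 srv sshd[41502]: Bad protocol version identification 'GET / HTTP/1.0' from 192.0.2.10",
    r"Oct 14 07:03:44 srv sshd[41533]: Bad protocol version identification '\026\003\001' from 192.0.2.11",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(triage(entry))
```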