Well, I may just stand corrected.  This morning I purchased the Spring 1999
issue of "2600".  On page 44 there is an article called "Network Scanning
with NMAP".  NMAP is a network and port scanner that is very useful for
scanning your own networks.  Page 44 also has something called "Elite
Exercise #2" which challenges you to create a custom scan for ssh (it's not
very hard to do once you read the nmap man page).  It mentions "there's
problems with pre 1.2.26 versions as well as recent problems with the
Kerberos code in 1.2.26."

It may be possible that someone read this article and decided to test it on
Kansas State University.

-- Joe


At 07:39 PM 4/13/99 -0400, Wood, Timothy wrote:
>       Typically, potential hackers scan ports en-masse to search for
>       vulnerabilities.  The fact that they scanned 22 does not mean, necessarily,
>       that they were scanning for ssh.  But...who knows?
>       Tim
>
>
>
>       From:   Joe Matusiewicz <[EMAIL PROTECTED]> on 04/13/99 07:36 AM
>       To:     James Thompson <[EMAIL PROTECTED]>@SMTP@disa/exch, SSH Mailing List <[EMAIL PROTECTED]>@SMTP@disa/exch
>       cc:     
>       Subject:        Re: Scaning of sshd
>
>       At 10:37 AM 4/12/99 -0500, James Thompson wrote:
>       >
>       >Just this weekend someone scanned our network.  Nothing new, but what I
>       >found interesting was that one of the services probed was ssh.  Anyone
>       >know why a (possible) cracker would be interested in my sshd services?
>       >
>       >->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<
>       >James Thompson    138 Cardwell Hall  Manhattan, Ks   66506   785-532-0561
>       >Kansas State University                          Department of Mathematics
>       >->->->->->->->->->->->->->->->->->->---<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<-<
>
>
>       Just because they were scanning port 22 doesn't mean that they were looking
>       for ssh.  PC-Anywhere before Version 7.52 ran on port 22 and some
>       vulnerabilities of it were reported.
>
>       -- Joe 
>       
>
>
>

 
