EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt: sid 2657

We are seeing lots of these alerts to various of our SSL servers on
campus. There are about 160 different sources (mostly local DSL or
dialup users -- i.e. exactly the users we would expect).

Sample packet data:

170300010219DD1421A4

1E22E15D960B352E5291

5E53096D07688EBFE701

3B81726BA5740E57C502

C66F9A3136430C19B427

9C052E25A3CB34412BBE

D89E269669768FC87281

E20DD5D2A287D55DE54D

E7FC45D8B83A7F1EE07F

F4A83F85F07D7F7B2035

2047FB3E9D6779AC57F8

C4F38948049A0C339822

707FC42F9C39A847ABBB

5FA6B9CC589487D789DD

DB0257A72A541F370E02

B0F14C78F3FE2C2D48C0

77C58FCAF18C36E56A7B

B6623ACE1C0F6FFDF24E

7F8A971AD92C68A9C6A7

535460D0EB84C414EFFF

F8668B9A5AF6629D5D06

57A70282DE3D8FD2FCA6

8C018F425625B6F1D494

06AF7B8EBBDBC77425F0

42979737558081C46F70

67957B3E9BA029A0DD3E



........!.

.".]..5.R.

^S.m.h....

;.rk.t.W..

.o.16C...'

...%..4A+.

..&.iv..r.

.......].M

..E..:....

..?..}.{ 5

 G.>.gy.W.

...H...3."

p../.9.G..

_...X.....

..W.*T.7..

..Lx..,-H.

w.....6.j{

.b:...o..N

.....,h...

ST`.......

.f..Z.b.].

W....=....

...BV%....

..{....t%.

B..7U...op

g.{>..)..>


-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand



-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl