Outbound SSH Traffic from HP Virtual Connect Blades
We had some readers (kuddos for watching your traffic closely!) report outbound traffic from HP Virtual Connect Blades to 49.48.46.53 on port 22.
No response is received from this IP address, and we guess it is a bug. Interestingly (I think Daniel noted it first), 49, 48, 46, 53 happens to be the ASCII code for 1, 0, . , 5 . So we suspect some buggy code trying to use an IP address starting with "10.5" (in this case, the blade's IP address started with "10.5").
To confirm this guess: If you have an HP Virtual Connect Blade, do you see similar traffic? Is it directed at a different IP address? Does the ASCII rule still apply for you?
This workaround helped some users affected by this problem:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02720395&lang=en&cc=us&taskId=101&prodSeriesId=3794423&prodTypeId=3709945
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
Comments
if there are any questions or need for assistance. The interim resolution has proven success in removing the issue. A permanent firmware fix will be available in the near term. HP is committed to minimizing any impact on customer environments and to completely removing the issue as quickly as possible.
Download Customer Advisory Document ID: c02720395, March 7, 2011 at the following address:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02720395&lang=en&cc=us&taskId=101&prodSeriesId=3540808&prodTypeId=329290
Chuckk281
Mar 7th 2011
1 decade ago
AlexM
Mar 8th 2011
1 decade ago