Secure Channel, Ziff Davis Enterprise
Friday, July 10, 2009 12:58 AM/EST

Less Than Zero-Day: OpenSSH Exploit Claims Ring False

If you’re a service provider wringing your hands over the so-called zero-day exploit for OpenSSH, it may be time for a reality check. After several days of scrambling to confirm an anonymous claim on the Full-Disclosure mailing list about a dangerous OpenSSH vulnerability, many experts are ready to call the assertion a hoax.

OpenSSH is so widely used to encrypt Internet connections that the thought of an unknown security hole in it brings plenty of sweat to the brows of IT geeks around the world, so it is no surprise that some folks overreacted a bit this week. In fact, on July 5 the U.S.-based hosting firm HostGator even shut down all SSH access to its shared and reseller customers in a preemptive strike against the potential vulnerability.

But the truth is, security gurus say, the more they look at the evidence for the zero-day exploit, the more it looks like a run-of-the-mill brute-force attack.

“I have exchanged some emails with one of the victims of the alleged SSHD 0day, but he was not able to provide any evidence that the attack was SSHD-related,” wrote OpenSSH developer Damien Miller in a message to an OpenSSH listserv. “In particular, I spent some time analysing a packet trace that he provided, but it seems to consist of simple brute-force attacks.”

SANS Internet Storm Center handler Bojan Zdrnja agrees.

“This looks very much like a hoax to me,” Zdrnja wrote on the ISC blog today, expressing amazement that a hosting company would turn off SSH service based on such flimsy evidence. “Every piece of evidence we received so far points only to brute force attacks on SSH servers (which have been around for years!).”

