HTTP over SSH probes?
Hi list,
What on earth is up with the latest log entries where something is
apparently trying to speak HTTP on the SSH port? Any ideas?
Example:
Jun 2 17:46:42 benjo sshd[17291]: Bad protocol version identification 'GET http://www.sciencedirect.com/ HTTP/1.1' from ::ffff:202.207.192.30
The IP in this case seems to be in China.
As far as I can tell nothing is listening at www.sciencedirect.com:22. The
web site on port 80 at www.sciencedirect.com is a self-proclaimed "digital
library" of some sort.
But why would random IPs be requesting sciencedirect.com at my workstation
which has nothing to do with it? Even for a worm that doesn't make any
sense.
regards,
--
Kevin B. McCarty <kmccarty@princeton.edu> Physics Department
WWW: http://www.princeton.edu/~kmccarty/ Princeton University
GPG: public key ID 4F83C751 Princeton, NJ 08544
Reply to: