> is what logcheck emailed me: > - -- snip -- > Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323 > Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810 > Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with > SSH-1.0-SSH_Version_Mapper. Don't panic. > Jun 16 04:36:04 jack sshd[20026]: Did not receive identification string > from 212.202.204.149 > - -- end snip -- > > What is this? I have never seen that scanned message before. Is this a > concern? I am running Woody and all packages are up-to-date with > security fixes from the debian security site. Don't worry about it as it doesnt seem panicable as it says in log. As you might fall into frighten after you guess it as a scanner, you may after you discover the version number of a running sshd on a remote machine by telnetting it 22nd port typing telnet abc.com 22 Don't worry again. Version number not only can be got through a scanner but also standard client-server suite. And version number is a fact about keeping the state of the connection. This is natural. sincerely.
Attachment:
pgp4AUCaHAx9u.pgp
Description: PGP signature