[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Someone scanned my ssh daemon

> is what logcheck emailed me:
> - -- snip --
> Jun 16 04:36:02 jack sshd[20026]: Connection from port 2323
> Jun 16 04:36:03 jack sshd[20027]: Connection from port 2810
> Jun 16 04:36:04 jack sshd[20027]: scanned from with
> SSH-1.0-SSH_Version_Mapper.  Don't panic.
> Jun 16 04:36:04 jack sshd[20026]: Did not receive identification string
> from
> - -- end snip --
> What is this?  I have never seen that scanned message before.  Is this a
> concern?  I am running Woody and all packages are up-to-date with
> security fixes from the debian security site.

Don't worry about it as it doesnt seem panicable as it says in log.
As you might fall into frighten after you guess it as a scanner, 
you may after you discover the version number of a running sshd on 
a remote machine by telnetting it 22nd port typing telnet abc.com 22

Don't worry again. Version number not only can be got through a 
scanner but also standard client-server suite. And version number
is a fact about keeping the state of the connection. This is natural.


Attachment: pgp4AUCaHAx9u.pgp
Description: PGP signature

Reply to: