[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH Version mapper scan

-----Original Message-----
From: Pollywog <croak@shadypond.com>
Date: Sun, 12 May 2002 16:31:55 +0000
Subject: SSH Version mapper scan

> I just saw this in my logs.  Should I be concerned and why is it 
> happening?   TIA
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> May 12 15:59:04 lilypad sshd[3442]: scanned from <SOME IP ADDRESS
> HERE> 
> with
> SSH-1.0-SSH_Version_Mapper.  Don't panic.
> May 12 15:59:04 lilypad sshd[3441]: Did not receive identification
> string
I get this messages on a daily basis, mostly asian based isp's which 
scan my entire range (62.45.*) for compromisable hosts. Of course my 
host have been patches for a long time now.
I think you should listen to the "Don't panic" and just sit back and 
let them scan.
I have mailed abuse@ addresses with proof that they are scanning the 
entire netblock (I have about 18 machine on different subnets of that 
block) but most isp's don't care about portscans.


Ivo van Dongen 

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: