Re: SSH Version mapper scan
From: Pollywog <email@example.com>
Date: Sun, 12 May 2002 16:31:55 +0000
Subject: SSH Version mapper scan
> I just saw this in my logs. Should I be concerned and why is it
> happening? TIA
> Unusual System Events
> May 12 15:59:04 lilypad sshd: scanned from <SOME IP ADDRESS
> SSH-1.0-SSH_Version_Mapper. Don't panic.
> May 12 15:59:04 lilypad sshd: Did not receive identification
> from <SOME IP ADDRESS HERE>
I get this messages on a daily basis, mostly asian based isp's which
scan my entire range (62.45.*) for compromisable hosts. Of course my
host have been patches for a long time now.
I think you should listen to the "Don't panic" and just sit back and
let them scan.
I have mailed abuse@ addresses with proof that they are scanning the
entire netblock (I have about 18 machine on different subnets of that
block) but most isp's don't care about portscans.
Ivo van Dongen
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com