Re: SSH Version mapper scan
-----Original Message-----
From: Pollywog <croak@shadypond.com>
Date: Sun, 12 May 2002 16:31:55 +0000
Subject: SSH Version mapper scan
> I just saw this in my logs. Should I be concerned and why is it
> happening? TIA
>
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> May 12 15:59:04 lilypad sshd[3442]: scanned from <SOME IP ADDRESS HERE> with SSH-1.0-SSH_Version_Mapper. Don't panic.
> May 12 15:59:04 lilypad sshd[3441]: Did not receive identification string from <SOME IP ADDRESS HERE>
I get these messages on a daily basis, mostly Asian-based ISPs which
scan my entire range (62.45.*) for compromisable hosts. Of course my
hosts have been patched for a long time now.
I think you should listen to the "Don't panic" and just sit back and
let them scan.
I have mailed abuse@ addresses with proof that they are scanning the
entire netblock (I have about 18 machines on different subnets of that
block) but most ISPs don't care about portscans.
Greetz,
Ivo van Dongen
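
The following is an added example, not part of the original thread: a small Python parser that groups the two sshd messages quoted above by source address across several machines, the kind of summary one could attach to an abuse report. The sample log, the second hostname `tadpole`, the documentation-range addresses and the function names are all constructed for illustration.

```python
import re

# Constructed sample in the format quoted in the thread; addresses are
# RFC 5737 documentation ranges and "tadpole" is a made-up second host.
SAMPLE_LOG = """\
May 12 15:59:04 lilypad sshd[3442]: scanned from 192.0.2.10 with SSH-1.0-SSH_Version_Mapper. Don't panic.
May 12 15:59:04 lilypad sshd[3441]: Did not receive identification string from 192.0.2.10
May 12 15:59:09 tadpole sshd[811]: scanned from 192.0.2.10 with SSH-1.0-SSH_Version_Mapper. Don't panic.
May 12 16:02:31 lilypad sshd[3460]: Did not receive identification string from 198.51.100.7
May 12 16:05:00 lilypad sshd[3471]: Accepted password for croak from 203.0.113.5 port 1022
"""

# Syslog prefix: timestamp, reporting host, sshd[pid]
PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
SCANNED = re.compile(
    PREFIX + r"scanned from (?P<src>\S+) with (?P<banner>\S+?)\.\s+Don't panic")
NO_IDENT = re.compile(
    PREFIX + r"Did not receive identification string from (?P<src>\S+)")

def summarize(log_text):
    """Group scan-related sshd events by source address."""
    seen = {}
    for line in log_text.splitlines():
        m = SCANNED.match(line) or NO_IDENT.match(line)
        if not m:
            continue  # unrelated sshd traffic, e.g. normal logins
        rec = seen.setdefault(m["src"], {
            "hosts": set(), "banners": set(), "events": 0,
            "first": m["ts"], "last": m["ts"]})
        rec["hosts"].add(m["host"])
        rec["events"] += 1
        rec["last"] = m["ts"]
        banner = m.groupdict().get("banner")  # only present for SCANNED
        if banner:
            rec["banners"].add(banner)
    return seen

def netblock_scanners(summary, min_hosts=2):
    """Sources that probed at least min_hosts distinct machines."""
    return sorted(s for s, r in summary.items() if len(r["hosts"]) >= min_hosts)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src in netblock_scanners(report):
        r = report[src]
        print(src, sorted(r["hosts"]), sorted(r["banners"]), r["first"], r["last"])
```
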